Sorry for the simple question but the documentation was not clear to me. I am using python to send data to elasticsearch.
Should we always define an index before using json specifying this index to populate elasticsearch? For example I saw these examples online:
PUT my-index-000001 { "mappings": { "properties": { "date": { "type": "date" } } } }
Then:
PUT my-index-000001/_doc/3 { "date": 1420070400001 }
Thanks in advance for any help you can offer.
Hi, you can use index templates to define what mappings all indices starting with my-index will have: Create or update index template API | Elasticsearch Guide [8.3] | Elastic
Do I always need to define the index template first separate template from the original json message to elasticsearch?
In other words will the first message define the index without creating an index template outright? Does it know how to set up a simple template on its own with the first message?
Elasticsearch has something called Dynamic Mapping which creates a mapping for a field if it doesn't exists yet, and will try to guess what type it is - if the index itself also doesn't yet exists, Elasticsearch will also create it - it will not create an index template.
OK thank you! And thank you for supplying those links.
Sorry I am really new to elastic. Are there complete examples of ecs fields mixed with custom fields for both index templates and its corresponding json message? For example custom fields mixed with date and geo.location?
I found some examples. Thank you for your help.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.