JSON string Mapping in elasticsearch


(Rahul Nehra) #1

Hi

We are in the development phase and are using a one-master, two-data-node
setup.

I am using Elasticsearch to save application logs in JSON format,

so that we could easily create mappings on all JSON fields.

Our log format is a very simple JSON string:

{
"timestamp" :"",
"application" :"",
"severity" :"",
"clientip" :"",
"server" :"",
"exception" :""

}

Now, when I send logs from Logstash to Elasticsearch, the log is being
saved and displayed under the @message column in Kibana and in the head
plugin as a JSON string.

Now I want to create a mapping on three fields (timestamp, application
and severity) from the JSON string to create a schema and make these fields
searchable.

To create the mapping I run the curl command below:

curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{
  "template" : "logstash*",
  "settings" : {
    "index.cache.field.type" : "soft",
    "index.store.compress.stored" : true,
    "index.query.default_field" : "@message"
  },
  "mappings" : {
    "default" : {
      "_all" : {"enabled" : false},
      "properties" : {
        "@message" : {
          "properties" : {
            "timestamp" : {"type" : "date"},
            "application" : {"type" : "string"},
            "severity" : {"type" : "string"}
          }
        },
        "@source" : {"type" : "string", "index" : "not_analyzed"},
        "@source_host" : {"type" : "string", "index" : "not_analyzed"},
        "@source_path" : {"type" : "string", "index" : "not_analyzed"},
        "@tags" : {"type" : "string", "index" : "not_analyzed"},
        "@timestamp" : {"type" : "date", "index" : "not_analyzed"},
        "@type" : {"type" : "string", "index" : "not_analyzed"}
      }
    }
  }
}'

But after running this command these fields are still not searchable (i.e.
they are not coming up as separate columns).

[image: Inline image 1]

We are not able to figure out what is wrong with this mapping.

Kindly suggest.

Regards
Rahul
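A note on why the template above cannot do what the post wants, followed by an added example. The template maps @message as an object with nested properties, but Elasticsearch only applies an object mapping when the indexed document actually carries an object at that key; a JSON-encoded string in @message is indexed as one string field, so timestamp, application and severity never become separate, searchable fields. The step that is missing is parsing that string and promoting its fields to the top level of the event before it reaches Elasticsearch (in a Logstash pipeline this is what the json filter is for). The Python below is an added example, not code from the original post, from Logstash or from Elasticsearch. It performs that promotion over constructed sample events, refuses input a pipeline should refuse (oversized or non-JSON lines, nested values, keys outside the known log format that could overwrite pipeline metadata such as @source_host, and timestamps the date-typed field would reject), and builds an index template in which the promoted fields are mapped at the top level. It uses the pre-5.x mapping syntax the post uses (string, not_analyzed) and the name _default_, which Elasticsearch of that generation expects for the default mapping type; the size cap, the tag names, the accepted date formats and the sample events are this example's own choices.

```python
"""Promote the fields of a JSON string held in @message to top-level fields.

Added example, not the original poster's code.  Sample events, tag names,
the size cap and the date formats are constructed for this example.
"""
import json
from datetime import datetime

# Fields the post's log format defines.  Only these are promoted, so log
# content cannot add arbitrary keys (unbounded mapping growth) or overwrite
# pipeline metadata such as @timestamp or @source_host.
LOG_FIELDS = ("timestamp", "application", "severity",
              "clientip", "server", "exception")

MAX_MESSAGE_BYTES = 16 * 1024           # assumed cap on what we will parse
JSON_FAILURE_TAG = "_jsonparsefailure"  # tag names chosen for this example
DATE_FAILURE_TAG = "_dateparsefailure"

# Formats accepted for the date-typed "timestamp" field (assumed).  A value a
# date field cannot parse makes Elasticsearch reject the whole document, so
# an unparseable timestamp is dropped and tagged instead of being indexed.
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ")

# Constructed events in the shape the post describes: Logstash metadata in
# @-fields, the application's JSON log line kept as a string in @message.
SAMPLE_EVENTS = [
    {"@timestamp": "2014-01-15T10:22:31.000Z", "@source_host": "app01",
     "@type": "applog",
     "@message": json.dumps({"timestamp": "2014-01-15T10:22:31Z",
                             "application": "billing", "severity": "ERROR",
                             "clientip": "10.0.0.5", "server": "app01",
                             "exception": "NullPointerException"})},
    # Not JSON at all: must be tagged, never crash, never drop the raw line.
    {"@source_host": "app01", "@message": "Jan 15 10:22:31 app01 plain text"},
    # Hostile JSON: tries to overwrite metadata, adds a nested key, bad date.
    {"@source_host": "app02",
     "@message": json.dumps({"timestamp": "15/01/2014", "severity": "INFO",
                             "@source_host": "evil", "extra": {"deep": 1}})},
]


def valid_date(value):
    """True if `value` matches one of the accepted timestamp formats."""
    for fmt in DATE_FORMATS:
        try:
            datetime.strptime(value, fmt)
            return True
        except ValueError:
            continue
    return False


def promote_json_fields(event):
    """Return a copy of `event` with the JSON fields of @message promoted to
    top-level keys.  @message itself is kept so the raw line stays searchable.
    Any problem adds a tag in @tags rather than losing the event."""
    out = dict(event)
    tags = list(out.get("@tags", []))

    parsed = None
    msg = out.get("@message")
    if isinstance(msg, str) and len(msg.encode("utf-8")) <= MAX_MESSAGE_BYTES:
        try:
            parsed = json.loads(msg)
        except ValueError:
            parsed = None

    if not isinstance(parsed, dict):
        tags.append(JSON_FAILURE_TAG)
    else:
        for name in LOG_FIELDS:
            value = parsed.get(name)
            if not isinstance(value, str):
                continue  # missing, or not a plain string: skip, never guess
            if name == "timestamp" and not valid_date(value):
                tags.append(DATE_FAILURE_TAG)
                continue
            out[name] = value

    if tags:
        out["@tags"] = tags
    return out


def build_template(pattern="logstash*"):
    """Index template mapping the promoted fields at the top level, in the
    pre-5.x syntax the post uses.  The default mapping type is _default_."""
    not_analyzed = {"type": "string", "index": "not_analyzed"}
    return {
        "template": pattern,
        "settings": {"index.query.default_field": "@message"},
        "mappings": {
            "_default_": {
                "_all": {"enabled": False},
                "properties": {
                    "@message": {"type": "string"},
                    "@timestamp": {"type": "date"},
                    "@source_host": dict(not_analyzed),
                    "@type": dict(not_analyzed),
                    "@tags": dict(not_analyzed),
                    "timestamp": {"type": "date"},
                    # not_analyzed keeps "ERROR" or "billing" as one exact
                    # term for facets and term filters in Kibana.
                    "application": dict(not_analyzed),
                    "severity": dict(not_analyzed),
                    "clientip": dict(not_analyzed),
                    "server": dict(not_analyzed),
                    "exception": {"type": "string"},
                },
            }
        },
    }


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(json.dumps(promote_json_fields(ev), sort_keys=True))
    print(json.dumps(build_template(), indent=2))
```

The template body that build_template() returns is what would go in the curl -XPUT to /_template/... once the fields are promoted; indexing the unparsed events against it would still leave only @message populated, which is the symptom in the post.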


