I have set up log4j to write logs to Elasticsearch. However, it only maps the default log4j fields such as level, message, etc. The full log message in the console log contains a session ID, but that part is not mapped by default in the index mapping in ES. Is there a way to map a new field into the index mapping? Please advise.
Here is the appender I used:
<!-- Log4j2 appender "elasticsearchAsyncBatch": sends log events to the
     Elasticsearch index test-000001 through the Jest HTTP client. -->
<Elasticsearch name="elasticsearchAsyncBatch">
  <IndexName indexName="test-000001"/>
  <AsyncBatchDelivery>
    <!-- Plain http, and no credentials are configured in this fragment. That
         is contained while the target is loopback; if serverUris ever points
         at a remote node, events would cross the network unencrypted and
         unauthenticated, so move to https and authenticated access first. -->
    <JestHttp serverUris="http://localhost:9200"/>
  </AsyncBatchDelivery>
  <!-- No layout is declared in this fragment, which is presumably why only
       the default event fields reach the index. If a session id is added as
       a field, the index then stores a live session credential: restrict
       read access to it and consider indexing a hash of the id instead of
       the raw value. -->
</Elasticsearch>
Here is the current mapping; it should also include the session ID field:
{
"mapping": {
"index": {
"properties": {
"level": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"loggerName": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"thread": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"timeMillis": {
"type": "long"
}
}
}
}
}