Based on the breaking changes in elasticsearch 2,0 and other information:
...its apparent that fields names with leading underscores and/or containing dots are a bad thing. I have observed that logstash's will generate a mapping against fields with leading underscores.
Are there plans to make logstash's mapping logic more aware of the elasticsearch schema? And, in the meantime, how can I handle unstructured log data coming in that is quite likely to occasionally break both of the above rules?
And finally, are there any other restrictions I should be mindful of with field naming etc?