I am using logstash-input-twitter plugin. I dont want certain fields to be not_analyzed. is this something I can define in the output tag? if so, can you provide an example?
Thanks
not_analyzed is handled at the Elasticsearch level.
By default, the Elasticsearch mapping template included with Logstash (which applies to indices named logstash-YYYY.MM.dd) has a "multi-field" mapping. All string fields automatically get both an analyzed (the regular field name) and not_analyzed (fieldname.raw) version of the field.
If you have a different index naming pattern, this template will not be applied.
I thought they removed the .raw field from 1.5
Only from the message field. All other string fields get the .raw treatment still.
how do I access the .raw field from the kibana to create graphs?
All string fields should have a .raw version, e.g. fieldname would also appear as fieldname.raw