Logstash input twitter

abaykal · June 10, 2015, 11:07am

I am using logstash-input-twitter plugin. I dont want certain fields to be not_analyzed. is this something I can define in the output tag? if so, can you provide an example?

Thanks

theuntergeek · June 10, 2015, 5:03pm

not_analyzed is handled at the Elasticsearch level.

By default, the Elasticsearch mapping template included with Logstash (which applies to indices named logstash-YYYY.MM.dd) has a "multi-field" mapping. All string fields automatically get both an analyzed (the regular field name) and not_analyzed (fieldname.raw) version of the field.

If you have a different index naming pattern, this template will not be applied.

abaykal · June 10, 2015, 5:28pm

I thought they removed the .raw field from 1.5

theuntergeek · June 10, 2015, 5:43pm

Only from the message field. All other string fields get the .raw treatment still.

abaykal · June 11, 2015, 10:39pm

how do I access the .raw field from the kibana to create graphs?

theuntergeek · June 12, 2015, 3:36am

All string fields should have a .raw version, e.g. fieldname would also appear as fieldname.raw

Topic		Replies	Views
Confused about how to use .raw fields and not analyze string fields Kibana	37	51283	July 6, 2017
How to turn current string field into non-analyzed? Kibana	7	1090	July 6, 2017
Fields Mapping \| not_analyzed Elasticsearch	7	1348	July 5, 2017
Trying to set not_analyzed to a field Elasticsearch	1	541	July 6, 2017
Analyzed vs not_analyzed Elasticsearch	2	2773	July 5, 2017

Logstash input twitter

Related topics