Mapping based on template not working

pkaramol · July 5, 2018, 11:12am

I am importing some data to elasticsearch after passing it through some lostash pipelinening.

I am declaring in the template (snippet below) some fields e.g. as ip and some others as integer

        "src": {"type": "ip"},
        "dst": {"type":"ip"},
        "src_port": {"type": "integer", "index":false},
        "dst_port": {"type": "integer"},

However, in my elasticsearch instance they end up as string

dst src

What is more, when retrieving the templates from kibana the seem to have the appropriate types:

(this from the kibana dev tools after executing GET /_template/*

          "src": {
            "type": "ip"
          },
          "dst": {
            "type": "ip"
          },
          "src_port": {
            "type": "integer",
            "index": false
          },
          "dst_port": {
            "type": "integer"
          },

Christian_Dahlqvist · July 5, 2018, 11:16am

What does the rest of the template look like? Does it match your index name?

pkaramol · July 5, 2018, 11:18am

Yes by typing the question I just noticed I had erroneous index matching in the template, i.e. the index_patterns field of my template did not match the actual indices I wanted mapped.

thx

system · August 2, 2018, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.