Mapping based on template not working

pkaramol · July 5, 2018, 11:12am

I am importing some data to elasticsearch after passing it through some lostash pipelinening.

I am declaring in the template (snippet below) some fields e.g. as ip and some others as integer

        "src": {"type": "ip"},
        "dst": {"type":"ip"},
        "src_port": {"type": "integer", "index":false},
        "dst_port": {"type": "integer"},

However, in my elasticsearch instance they end up as string

dst src

What is more, when retrieving the templates from kibana the seem to have the appropriate types:

(this from the kibana dev tools after executing GET /_template/*

          "src": {
            "type": "ip"
          },
          "dst": {
            "type": "ip"
          },
          "src_port": {
            "type": "integer",
            "index": false
          },
          "dst_port": {
            "type": "integer"
          },

Christian_Dahlqvist · July 5, 2018, 11:16am

What does the rest of the template look like? Does it match your index name?

pkaramol · July 5, 2018, 11:18am

Yes by typing the question I just noticed I had erroneous index matching in the template, i.e. the index_patterns field of my template did not match the actual indices I wanted mapped.

thx

system · August 2, 2018, 11:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Template Field Mapping Not Taking Elasticsearch	3	827	July 5, 2017
Template mapping not being applied Elasticsearch	6	772	May 17, 2021
Logstash 6.4.2 template mapping does not working Logstash	2	723	December 7, 2018
Applying My First Index Template Elasticsearch	5	1053	October 2, 2019
Mappings types Elasticsearch	11	842	June 9, 2022

Mapping based on template not working

Related topics