Mappings messed up...help?

Elastic Stack Elasticsearch
1

Hi Folks,
Blundering around with an ELK stack I've managed to break it, yay me!
I was trying to disable the _all field as (I believe) it basically
duplicates all the data I'm already storing, so after way too much googling
I came up with this,

curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 2,
"index.cache.field.type" : "soft",
"index.refresh_interval" : "5s",
"index.store.compress.stored" : true,
"index.query.default_field" : "@message"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : false},
"properties" : {
"@fields" : {
"type" : "object",
"dynamic": true,
"path": "full",
"properties" : {
"clientip" : { "type": "ip"}
}
},
"@message": { "type": "string", "index": "analyzed" },
"@source": { "type": "string", "index": "analyzed" },
"@source_host": { "type": "string", "index": "analyzed" },
"@source_path": { "type": "string", "index": "analyzed" },
"@tags": { "type": "string", "index": "analyzed" },
"@timestamp": { "type": "date", "index": "analyzed" },
"@type": { "type": "string", "index": "analyzed" }
}
}
}
}
'
And now kibana isn't showing anything from the time the mapping was
applied, older data is fine. I can see documents and data going into the
stack via Bigdesk and Head but I can't visualise them with kibana. Can
anyone help ? What did I do wrong ?
At the moment I'd settle for reapplying the default out-of-the-box mappings
if I could find them anywhere, or if I knew how to do it :frowning:

JJ

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/cad60329-5d03-42a9-8842-fd378d4ea66b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

You need to set index.query.default_field, see

On 25 November 2014 at 11:07, Jack Judge jackjudge01@gmail.com wrote:

Hi Folks,
Blundering around with an ELK stack I've managed to break it, yay me!
I was trying to disable the _all field as (I believe) it basically
duplicates all the data I'm already storing, so after way too much googling
I came up with this,

curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{
"template" : "logstash*",
"settings" : {
"number_of_shards" : 2,
"index.cache.field.type" : "soft",
"index.refresh_interval" : "5s",
"index.store.compress.stored" : true,
"index.query.default_field" : "@message"
},
"mappings" : {
"default" : {
"_all" : {"enabled" : false},
"properties" : {
"@fields" : {
"type" : "object",
"dynamic": true,
"path": "full",
"properties" : {
"clientip" : { "type": "ip"}
}
},
"@message": { "type": "string", "index": "analyzed" },
"@source": { "type": "string", "index": "analyzed" },
"@source_host": { "type": "string", "index": "analyzed" },
"@source_path": { "type": "string", "index": "analyzed" },
"@tags": { "type": "string", "index": "analyzed" },
"@timestamp": { "type": "date", "index": "analyzed" },
"@type": { "type": "string", "index": "analyzed" }
}
}
}
}
'
And now kibana isn't showing anything from the time the mapping was
applied, older data is fine. I can see documents and data going into the
stack via Bigdesk and Head but I can't visualise them with kibana. Can
anyone help ? What did I do wrong ?
At the moment I'd settle for reapplying the default out-of-the-box
mappings if I could find them anywhere, or if I knew how to do it :frowning:

JJ

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/cad60329-5d03-42a9-8842-fd378d4ea66b%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/cad60329-5d03-42a9-8842-fd378d4ea66b%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAF3ZnZk0oJ%3D7WXpO4euVYpK5St7_XZ-DWnyeDBF%2BJbfy5PcHKQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.