New ES User - Creating Persistent Field Mappings on Newly Created Indices


(Ken S.) #1

We are using an ELK stack (6.2.4) as a centralized logging platform. All our remote servers are using Filebeat or Winlogbeat to push their logs to the stack. Each different operating system puts its log entries into its own index, and each index is created daily, i.e. windows-2018.12.06

We came across a situation where one of the fields created needs to be a different type in order to do an aggregation and also another field that needs to be non_analyzed so we can do full string searches. From what I am reading I will need to drop the indices and recreate them specifying the type that I need for the fields. (Please correct me if I am wrong)

My question is: how do I make these new type changes persistent to newly created indices when they are created the following day? For instance, when one of my Linux hosts sends a log entry at 12:01am, and the new date index is created, how can I ensure that the field type that I set up this morning carries over to tomorrow's index?