No .raw field in Kibana

I am seeing an issue where I am not seeing .raw fields but instead I am seeing .keyword fields. I know there was a problem when you change the default index name from logstash-* to something else, but I couldn't recall the fix for it. How do I get the raw fields back? Any idea?

Also, as I have already ingested so much data now, is there a way to re-index that data to get the .raw fields? This broke my dashboard too.

Logstash Version:- 5.5

It's in the default index template. You would have to change your template. I recommend updating it for Elasticsearch 5.x anyway, as mapping changes occurred (even if you preserve .raw instead of .keyword).

To "fix" your .keyword fields, you will have to re-index your data using the Reindex API, or potentially the Reindex action in Elasticsearch Curator.

It might be easier/better to fix the dashboards to use .keyword and reindex the old data to also be .keyword, but I have no idea what scale or volume of data you're dealing with.

@theuntergeek Consider me a newbie; could you suggest how to update the default template? My problem with updating the template is that the index names are dynamic. How can I update a template so that it will match any new index that I create? I don't have a fixed pattern, as they are tied to AWS account names. Could you please provide an example?

Is .raw equivalent to .keyword? Can I just leave it as it is, as .keyword, and change my visualizations from raw to keyword?

For reindexing, do I need to fix the mappings first?

--
Niraj

Use the GET _template command.

You can see here that this template matches everything that comes in, regardless of the index name.

Definitely go read through the documentation if you haven't already.
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates.html
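
An added example, not part of the thread and not Elastic's shipped template: a request body for `PUT _template/strings_raw` on Elasticsearch 5.x, where `strings_raw` is a hypothetical template name. The `"template": "*"` pattern matches every index name, and the dynamic template maps each new string field as `text` with a `.raw` keyword sub-field; the `ignore_above` value of 256 is an assumed choice.

```json
{
  "template": "*",
  "mappings": {
    "_default_": {
      "dynamic_templates": [
        {
          "strings_with_raw": {
            "match_mapping_type": "string",
            "mapping": {
              "type": "text",
              "norms": false,
              "fields": {
                "raw": {
                  "type": "keyword",
                  "ignore_above": 256
                }
              }
            }
          }
        }
      ]
    }
  }
}
```

Templates are applied only when an index is created, so indices that already exist keep their `.keyword` mappings until their data is reindexed into a new index.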
