Problem with analyzed fields in indexes


I am trying to stop the field 'host' from being set to analyzed. Even when I can get it to say 'false' in the index description, it is still pulling apart the hostnames using '.' as a separator. I am using Logstash 1.4.2 and Kibana 4.0.2. I have tried using a JSON template for my index and setting host index to not_analyzed, but that isn't working. I am new to ELK, so any help is appreciated.

(Ron Kass) #2

To have a field set to be not analyzed, you define it this way:

"host": {"type":"string", "index":"not_analyzed"}

If that doesn't work for you, it is best if you paste here the mapping you are trying to use, and a sample document you are trying to index.

(Tyler Langlois) #3

If you are using the default Logstash index template, it configures a .raw non-analyzed field for each field that Elasticsearch sees. If you use that template, check whether that field exists - if you're using your own template, you can reference the Logstash index template for an example of how to do it in your own template.
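A check that fits the advice in this thread, added here as an example and not posted by any participant: it reads a `GET /_mapping` response and reports, per index, which form of `host` (the field itself or a sub-field such as `host.raw`) is `not_analyzed`. An index template is applied only when an index is created, so indices that existed before the template was changed keep their old mapping. The mapping below is constructed sample data in the Elasticsearch 1.x layout, and the function names are hypothetical.

```python
import json

# Constructed sample of a GET /_mapping response (Elasticsearch 1.x layout).
# Index names, the "logs" type and the field definitions are made up.
SAMPLE_MAPPING = json.loads("""
{
  "logstash-2015.04.01": {"mappings": {"logs": {"properties": {
    "host": {"type": "string"}, "message": {"type": "string"}
  }}}},
  "logstash-2015.04.02": {"mappings": {"logs": {"properties": {
    "host": {"type": "string", "fields": {
      "raw": {"type": "string", "index": "not_analyzed", "ignore_above": 256}}}
  }}}},
  "logstash-2015.04.03": {"mappings": {"logs": {"properties": {
    "host": {"type": "string", "index": "not_analyzed"}
  }}}}
}
""")


def exact_match_fields(mapping, field):
    """Map (index, type) to the paths under `field` that are not_analyzed."""
    report = {}
    for index, body in mapping.items():
        for doc_type, type_map in body.get("mappings", {}).items():
            spec = type_map.get("properties", {}).get(field)
            if spec is None:
                continue  # field is not mapped in this index/type
            paths = []
            # A string field with no "index" key uses the default, "analyzed".
            if spec.get("index", "analyzed") == "not_analyzed":
                paths.append(field)
            for sub, sub_spec in sorted(spec.get("fields", {}).items()):
                if sub_spec.get("index", "analyzed") == "not_analyzed":
                    paths.append(f"{field}.{sub}")
            report[(index, doc_type)] = paths
    return report


def indices_without_exact_field(mapping, field):
    """Indices where `field` exists only in analyzed (tokenized) form."""
    found = exact_match_fields(mapping, field)
    return sorted({index for (index, _), paths in found.items() if not paths})


if __name__ == "__main__":
    for key, paths in sorted(exact_match_fields(SAMPLE_MAPPING, "host").items()):
        print(key, paths or "analyzed only")
    print("analyzed only:", indices_without_exact_field(SAMPLE_MAPPING, "host"))
```

To run it against a real cluster, replace `SAMPLE_MAPPING` with the parsed JSON returned by `GET /_mapping`.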
