PUT mapping resulting in hidden fields , not appearing in 'Discover'

ajayraghuraj · April 22, 2019, 5:03am

I added a field by updating all the indices using the 'PUT' API. But they appear as missing fields in the 'Available fields' and do not appear in the Fields 'Table' . Can someone help with this ?

PUT logstashindex-*/_mapping/_doc
{
"properties": {
"messageID": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}

    "messageID": {
      "type": "text",
      "fields": {
        "keyword": {
          "type": "keyword",
          "ignore_above": 256
        }
      }
    },

Logstash config -

fingerprint {
source => "[system][syslog][message]"
method => "MURMUR3"
}

mutate { add_field => { "messageID" => "%{[system][syslog][program]}-%{fingerprint}" } }

system · May 20, 2019, 5:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.