Well I am complete novice to Json hence not sure about making new one. By the way how about just renaming the existing one to the one with my index name?
You can't rename index templates but you can certainly get an existing one, edit it slightly, and post it to a new location.
Managed templates offer a simple reliable solution, based on the conclusion of removing the settings section. The template_file is referenced by the logstash configuration invoked with logstash.bat -f plain.conf.
Template file (plain_template.json)
{"template":"plain*","order":0,"version":50001,"mappings":{"_default_":{"properties":{"placename":{"type":"text"},"x":{"type":"float"},"y":{"type":"float"},"latitude":{"type":"half_float"},"longitude":{"type":"half_float"},"location":{"type":"geo_point"}}}},"aliases":{}}
Logstash configuration (plain.conf)
input {
file {
path => "$(pwd -W)/plain.json"
codec => json
start_position => "beginning"
}
}
filter {
mutate {
add_field => {
"location[lat]" => "%{y}"
"location[lon]" => "%{x}"
}
convert => {
"location[lat]" => "float"
"location[lon]" => "float"
}
}
}
output {
elasticsearch {
template => "$(pwd -W)/plain_template.json"
template_name => "plain_template"
hosts => [ "localhost:9200" ]
index => "plain-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.