I'm using ELK on AWS. I want to analyze AWS ELB (load balancer) logs, and later on, I would love to see Nginx logs here as well.
I've set up everything and it works! So, thanks for your software, guys!
Meanwhile, I have a small issue.
I've configured insertion of logs into the search cluster, then I went to the Kibana UI and chose the default index (which is elblogs-* in my case).
Then I executed a mapping update to treat some fields in a way which will allow me to search for specific symbols (like -, /, \, etc.).
Here is the query:
curl -XPUT 'https://awses-domain/elblogs*/_mapping/elb-access-logs' --data "@update_mapper_for_raw.json"
Here is the content of the file:
{
  "properties": {
    "request_uri_path": {
      "type": "text",
      "fields": {
        "raw": {
          "type": "keyword",
          "index": "not_analyzed"
        }
      }
    }
  }
}
Then I double-checked the mapping:
curl -XGET 'https://awses-domain/elblogs*/_mapping'
and I can see my changes here:
{
  "elblogs-2017.08.17": {
    "aliases": {},
    "mappings": {
      "elb-access-logs": {
        "properties": {
          ...
          "request_uri_path": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              },
              "raw": {
                "type": "keyword"
              }
            }
          },
          ...
        }
      }
    },
    "settings": {
      "index": {
        "creation_date": "1502960475384",
        "number_of_shards": "5",
        "number_of_replicas": "1",
        "uuid": "TcdTaIooTwqnXBkFDV_qMg",
        "version": {
          "created": "5030299"
        },
        "provided_name": "elblogs-2017.08.17"
      }
    }
  }
}
Even though in Kibana I can see it as searchable, I can see no results for any type of search against this field, and I can't see this field in any other search results either. How can I fix it?