[SOLVED] Dynamic template doesn't match any of my field

David_Leclere · June 12, 2017, 2:56pm

I 'am trying to configure a chain like this :

LOG <--- FILEBEAT --> LOGSTASH --> ELASTICSEARCH

But the dynamic mapping i tried to use is not matching any field.

I specify a custom template in my elasticsearch output as below :

output {
elasticsearch {
hosts => "http://XXX.XXX.XXX.XXX:9200"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
template => "/etc/logstash/template.json"
template_overwrite => true
document_type => "%{[@metadata][type]}"
document_id => "%{fingerprint}"
}
}

Content of the template.json file is :

{
"template" : "subscription-informations*",
"mappings" : {
"log" : {
"dynamic_templates": [
{ "string_template": {
"match_mapping_type": "string",
"mapping": {
"type": "string"
}}
},
{ "integer_template": {
"match": "_capacity",
"mapping": {
"type": "integer"
}}
},
{ "date_template": {
"match": "_date",
"mapping": {
"type": "date"
}}
},
{ "ip_template": {
"match": "*_ip",
"mapping": {
"type": "ip"
}}
}
]
}
}
}

But when i get the template of my log type i got :

{
"subscription-informations-2017.06.12":{
"mappings":{
"log":{
"dynamic_templates":[
{
"string_template":{
"match_mapping_type":"string",
"mapping":{
"type":"string"
}
}
},
{
"integer_template":{
"match":"_capacity",
"mapping":{
"type":"integer"
}
}
},
{
"date_template":{
"match":"_date",
"mapping":{
"type":"date"
}
}
},
{
"ip_template":{
"match":"*_ip",
"mapping":{
"type":"ip"
}
}
}
],
"properties":{
"@timestamp":{
"type":"date"
},
"@version":{
"type":"text"
},
"backup_enabled":{
"type":"text"
},
"beat":{
"properties":{
"hostname":{
"type":"text"
},
"name":{
"type":"text"
},
"version":{
"type":"text"
}
}
},
"cpu_capacity":{
"type":"text"
},
"datacenter_name":{
"type":"text"
},
"disk_capacity":{
"type":"text"
},
"fingerprint":{
"type":"text"
},
"host":{
"type":"text"
},
"input_type":{
"type":"text"
},
"offset":{
"type":"long"
},
"owner_mail":{
"type":"text"
},
"owner_name":{
"type":"text"
},
"ram_capacity":{
"type":"text"
},
"source":{
"type":"text"
},
"subscription_creation_date":{
"type":"date"
},
"subscription_deletion_date":{
"type":"date"
},
"subscription_name":{
"type":"text"
},
"subscription_status":{
"type":"text"
},
"subscription_type":{
"type":"text"
},
"tags":{
"type":"text"
},
"type":{
"type":"text"
},
"virtualmachine_id":{
"type":"text"
},
"virtualmachine_ip":{
"type":"text"
},
"virtualmachine_name":{
"type":"text"
}
}
}
}
}
}

What i'am missing ?

David_Leclere · June 12, 2017, 3:42pm

self answer in case of someone encouteers the same issue :

Elasticsearch uses the first matching dynamic template for each field. In my case all fields was mapped by my "string_template".

system · July 10, 2017, 3:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Template mapping not being applied Elasticsearch	6	772	May 17, 2021
Dynamic Template not working after upgrading to Elasticsearch 2.3.1 Elasticsearch	6	1434	July 5, 2017
Dynamic Template not applying Elasticsearch	3	1242	July 5, 2017
Fields not saved with template mapping Elasticsearch	3	641	December 9, 2019
A question about dynamic templates Elasticsearch	8	1425	July 2, 2020

[SOLVED] Dynamic template doesn't match any of my field

Related Topics