Log stash is reading the file and sending it to kibana but the terms panel split the field value (for eg. prod-Mumbai-22201 in to three field values such as prod, Mumbai,22201). Kindly help me so that I can resolve it programmatically.
I heard of mapping but don't have much idea about that.
Possibly an analyzer is changing your data.
See if this helps
https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pattern-analyzer.html
Specifically the non word analysis section
I am able to see the mapping which tells that the required field is string and analysed by default. How can I update the mapping for all the fields which I want to be non analysed.
Rajeev,
You have to create a new empty index with your new mapping requirements and then reindex the data to the new index.
You cannot change mapping after index creation.
Hi Mark,
Can you please tell me how can I have a default mapping for future index.I am using Elastic search 2.2 ,logstash 2.2 and Kibana 4.4 in windows. It will be great help for me so kindly let me know in detail.
Thanks,
Rajeev
Rajeev
Create a dynamic mapping template.
This will catch all new indices created with similar name strings and apply a dynamic mapping to the index upon creation. It is too long to reiterate so here is the link.