Hi team,
I need urgent help; below is my Elastic template.
Each field that gets indexed ends up as two fields: one with the field name "field" and another with the name "field.keyword".
Having two different mappings for the same field is preventing me from creating a one-click visualization from the Discover page of Kibana.
Can someone help me understand what's wrong with this template and why it is creating two fields?
{
"index_patterns": "lsh-_fact-*",
"settings": {
"index.refresh_interval": "5s",
"number_of_shards" : "1",
"number_of_replicas" : "1"
},
"mappings": {
"netactmapping":{
"date_detection": false,
"dynamic_templates": [
{
"message_field": {
"match": "message",
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
},
{
"string_fields": {
"match": "*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword",
"omit_norms": true
}
}
}],
"properties": {
"@version": {
"type": "keyword",
"doc_values" : true
},
"logtime": { "type": "keyword"},
"thread": { "type": "keyword"},
"data1": { "type": "keyword"},
"data2": { "type": "keyword"},
"loglevel": { "type": "keyword"},
"class": { "type": "keyword"},
"mess": { "type": "text"},
"hostname": { "type": "keyword"},
"type": { "type": "keyword"},
"@timestamp": {"type": "date"},
"geoip": {
"type": "object",
"dynamic": true,
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
}
}