Unwanted tokenising of apache log fields: referer and request


(subs) #1

Hi,

I'm new to elasticsearch and am really struggling with the suppression of the tokenising of two apache log fields I have defined: referer & request. Both are supplied (obviously) by logstash and then displayed in Kibana panels. My index is essentially "apache-YYYY.MM.DD".

Does anybody have the code I need to define these fields as "not_analyzed"? The examples I've found are confusing to me (as a newbie) and anything I've tried has failed.

Thanks in advance!

Phil.


(system) #2