Currently forwarding Windows events to Logstash 2.3.1 and using Elasticsearch 2.3.1. I would like to index some of the event_data.param fields as raw (as they could contain reserved characters such as "").
How can I proceed?
Thanks
You need to update the template/mapping in ES to set that.
https://www.elastic.co/guide/en/elasticsearch/reference/5.1/indices-templates.html#indices-templates
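An illustration of the template approach suggested in the reply above, added here as an example and not posted by either participant: a request body for `PUT /_template/<name>` in Elasticsearch 2.x syntax that gives every string field matching `event_data.param*` an unanalyzed `raw` sub-field. The `logstash-*` index pattern, the `order` value, the dynamic template name, the `raw` sub-field name and the `ignore_above` limit are assumptions to adapt to your own setup.

```json
{
  "template": "logstash-*",
  "order": 1,
  "mappings": {
    "_default_": {
      "dynamic_templates": [
        {
          "event_data_params_raw": {
            "path_match": "event_data.param*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "string",
              "index": "analyzed",
              "fields": {
                "raw": {
                  "type": "string",
                  "index": "not_analyzed",
                  "ignore_above": 1024
                }
              }
            }
          }
        }
      ]
    }
  }
}
```

A template only applies to indices created after it is stored, so existing indices keep their old mapping until they are reindexed or rolled over. Values longer than `ignore_above` are left out of the `raw` sub-field, so exact-match queries on long parameters (for example full command lines) need a higher limit.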