A little while ago the issue of managing Elastic templates for new sensor configs came up, and we didn’t quite put it to bed.
When creating new sensors, I almost invariably find the auto-generated schemas for elastic pick some incorrect types. I also find I have to recreate indexes every time to push in the proper dynamic templates for things like geo enrichment fields. So, my questions are: How should we address elastic template for new sensors? Do we have circumstances where we would need to configure types, or can we get away with inferring them? Should we just add some additional dynamic templates to cover our common fields like timestamp (the most common culprit I find for incorrect typing)? I’d also like to think about ways we can generalise this. Does anyone have any thoughts on what sort of additional index schemes we should want to infer (solr seems an obvious one, any others?). Thoughts on a well typed, schemaed and easily indexed postcard please :) Simon
