Hi,
I have setup ELK stack and I am going by default index name, which is
logstash-YYYY.MM.DD . Since this is the only index format I have, I decided
to create a template file, so that whenever new index gets created i can
set up the mapping property. I am not able to push the data to
elasticsearch if my index mapping gets created from template. May I know
where am I wrong ?
Here is my mapping file content:
{
"X_Server" : {
"properties" : {
"@timestamp" : {
"type" : "date",
"format" : "dateOptionalTime"
},
"@version" : { "type" : "string" },
"class" : { "type" : "string" },
"file" : { "type" : "string"},
"message": {"type": "string"},
"host" : { "type" : "string", "index": "not_analyzed" }
}}}
My template file content is
{
"template": "logstash-*",
"settings" : {
"index.number_of_shards" : 3,
"index.number_of_replicas" : 1,
"index.query.default_field" : "@message",
"index.routing.allocation.total_shards_per_node" : 2,
"index.auto_expand_replicas": false
},
"mappings": {
"X_Server": {
"_all": { "enabled": false },
"_source": { "compress": false },
"properties" : {
"class" : { "type" : "string", },
"host" : { "type" : "string", "index" : "not_analyzed" },
"file" : { "type" : "string" },
"message" : { "type": "string"}
}
}}}
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/b1d382b5-0fa7-4a2c-96f0-150d856482cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
