Hi,

We are in the development phase and are using a setup with one master and two
data nodes.

I am using Elasticsearch to save application logs in JSON format,

so that we can easily create a mapping on all JSON fields.

Our log format is a very simple JSON string:

{
"timestamp"   :"",
"application" :"",
"severity"    :"",
"clientip"    :"",
"server"      :"",
"exception"   :""
}

Now, when I send logs from Logstash to Elasticsearch, the log is saved and
displayed under the @message column in Kibana and _plugin Head as a
JSON string.

Now I want to create a mapping on three fields (timestamp, application
and severity) from the JSON string to create a schema and make these fields
searchable.

To create the mapping I ran the curl command below:

curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{
   "template" : "logstash*",
   "settings" : {
       "index.cache.field.type" : "soft",
       "index.store.compress.stored" : true,
       "index.query.default_field" : "@message"
   },
   "mappings" : {
       "_default_" : {
          "_all" : {"enabled" : false},
          "properties" : {
             "@message" : {
                "properties" : {
                   "timestamp" : {"type":"date"},
                   "application" : {"type":"string"},
                   "severity" : {"type":"string"}
                }
             },
             "@source": {"type":"string","index":"not_analyzed" },
             "@source_host": {"type":"string","index":"not_analyzed" },
             "@source_path": {"type":"string","index":"not_analyzed" },
             "@tags": {"type":"string","index":"not_analyzed" },
             "@timestamp": {"type":"date","index":"not_analyzed" },
             "@type": {"type":"string","index":"not_analyzed" }
          }
       }
   }
}'

But after running this command these fields are still not searchable (i.e. not
coming up as separate columns).

[image: Inline image 1]


We are not able to figure out what is wrong with this mapping.

Kindly suggest.

Regards
Rahul
