Hey guys, I really want to disable the _all field in the ES indices to save some disk space on our system.
Normally it's not a problem: adjust the template in ES and set the "message" field as the new default query field, which is normally available in any event. The problem is that we also have many netflow events from the netflow codec that have the following form:

<https://lh4.googleusercontent.com/-CDQQs5e5a7o/U6lUvjikncI/AAAAAAAAACo/LHpMXlYLMWw/s1600/netflow.PNG>

As you might notice, there isn't any "message" field, so the Kibana Lucene query would run into an error.

My question is: how do I make this work (disabling the _all field but searching in the netflow events)?

Thanks for your response.
