Hey, you can set the index.query.default_field in the mapping to circumvent this, see http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-all-field.html#mapping-all-field
--Alex On Tue, Jun 24, 2014 at 12:39 PM, horst knete <[email protected]> wrote: > Hey guys, > > I really want to disable the _all-Field in the ES-Indices to save some > disk-space on our system. > > Normally its not the problem - adjust template in ES, and set > "message"-Field to the new default query field, that is normally available > in any event. > > The problem is that we also have many netflow-events with the > netflow-codec that have the following form: > > > <https://lh4.googleusercontent.com/-CDQQs5e5a7o/U6lUvjikncI/AAAAAAAAACo/LHpMXlYLMWw/s1600/netflow.PNG> > > As you might notice there isnt any "message"-field so the Kibana lucene > query would run into an error. > > My question is - how do i manage it to make this work (disabling > _all-Field but search in the netflow-events)? > > Thanks for response. > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/9ab09bba-392f-4f77-8937-aa518c22292f%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/9ab09bba-392f-4f77-8937-aa518c22292f%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAGCwEM9N1nEPEZi%3D%3DqA4_FDDTjV_twrAcNQZA57Hi1XvxW2OLg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
