All, This seems apropos to the current discussion and could help clear up some confusion on recommendations etc. We, Elasticsearch, are hosting a Webinar on ELK, given by the Logstash creator, Jordan Sissel.
Its today in 40 minutes. http://www.elasticsearch.org/webinars/introduction-elk-stack/ On Wednesday, July 2, 2014 6:08:34 AM UTC-7, Brian wrote: > > > Patrick, >> >> >> >> >> *> Well, I did answer your question. But probably not from the direction >> you expected. hmm no, you didn't. My question was: "it looks like I cant >> retrieve/display [_all fields] content. Any idea?" and you replied with >> your logstash template where _all is disabled. I'm interested in disabling >> _all, but that was not my question at this point.* >> > > Fair enough. I don't know the inner details; I am just an enthusiastic end > user. > > To the best of my knowledge, there is no content for the _all field; I > view this as an Elasticsearch psuedo field whose name is _all and whose > index terms are taken from all fields (by default), but still there is no > actual content for it. > > And after I got into the habit of disabling the _all field, my hands-on > exploration of its nuances have ended. It's time for the experts to explain! > > >> >> *Your answer to my second message, below, is informative and interesting >> but fails to answer my second question too. I simply asked whether I need >> to feed the complete modified mapping of my template or if I can just push >> the modified part (ie. the _all:{enabled: false} part). * >> > > Again, I have never done this, so I can only tell you what I do. I just > cannot tell you all the nuances of what Elasticsearch is capable of. > > My recommendation is to try it. Elasticsearch is great at letting you > experiment and then telling you clearly if your attempt succeeds or fails. > > So, try your scenario. If it fails, then it didn't work or you did > something wrong. If it succeeds, then you can see exactly what > Elasticsearch actually accepted as your mapping. For example: > > curl 'http://localhost:9200/logstash-2014.06.30/_mapping?pretty=true' && > echo > > This particular query looks at one of my logstash-generated indices, and > it lets me verify that Elasticsearch and Logstash conspired to create the > mappings I expected. I used this command quite a bit until I finally got > everything configured correctly. (I actually verify the mapping via > Elasticsearch Head, but under the covers it's the same command.) > > Brian > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d2dd4206-c8bd-4c96-90df-5ad4a7bce5e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
