This technically sounds like a Kibana question, so you might have better luck with the Logstash mailing list.
Can't you simply prepend the field name in the query instead of relying on the default field? You can also change field names in Logstash. Another option is the copy-to-field. Similar to _all, but with more flexibility. http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-core-types.html#copy-to Cheers, Ivan On Mon, Jul 14, 2014 at 4:12 AM, horst knete <[email protected]> wrote: > Anyone got an idea how to realize that? I think that there are a few uses > which got Netflow AND other types of events inserting into Elasticsearch > and for those a disabled _all Field would save much hard disk space > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/2b19c405-46b0-483b-9d22-73fa0c6dca5b%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/2b19c405-46b0-483b-9d22-73fa0c6dca5b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQC2woJNr301UbpbzA6fh6SAh2SJf8NE9NKtr9dh-M8_3Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
