Lasse, > The copy_to feature looks nice, but for now I'm happy using the _all > feature. >
Glad you're happy with the _all feature. > However I don't think my question was fully answered. When creating the > new index, how do I change the _all analyzer? Are you saying that I need to > change the analyzer on each of the fields I've enabled _all on? > Ok, so not so happy after all! :-) This link <http://elasticsearch-users.115913.n3.nabble.com/Specifying-analyzer-for-all-field-td3851732.html> contains a good description of the _all field. I admit that it's also confusing to me. But I always now disable the _all field. Then: 1. For a general directory query application, I lock down Elasticsearch to disable the _all field, prevent unmapped fields from being added, prevent unmapped types from being added, and prevent indexes from being automatically created with the addition of the first document. 2. For processing logs using the ELK stack, I disable the _all field and specify the use of the message field as the default. Then all of my logstash configurations use the message field but do not modify it. Then I create the mapping I wish for the message field and all is well (no pun intended!). Brian -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b738433d-e81f-4355-8fca-404b254a81ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
