On Thursday, January 22, 2015 at 11:57 CET,
     Aldian <[email protected]> wrote:

> I am using the usual ELK stack with the default template
> (http://pastebin.com/DtYiazVr). In every log message, the date is
> stored in a field named "log_date", which the date filter converts into a
> "@timestamp". I want to set the "log_date" field as "not_analyzed" so
> that I can sort it in Kibana without getting weird results.

You're storing the same timestamp in two fields? Why?

> I built the following query
> curl -XPUT localhost:9200/_template/template_1 -d '
> {
>     "template" : "logstash-*",
>     "properties" : {
>         "log_date" : {
>                 "type" : "string",
>                 "index" : "not_analyzed"
>         }
>     }
> }'
> Can you confirm that the request is correct?

It looks okay. You may want to use the 'order' key to make sure these
two matching index templates are applied in a well-defined and obvious
order.

> I have doubts about the template name. I thought about calling url
> localhost:9200/_template/logstash in order to modify the existing
> template rather than creating a new one, but I am afraid of what could
> happen the day I restart logstash, so my thinking is that if all works
> as intended, both logstash default template and that one will apply.

I disable Logstash's index template handling and maintain my own
template (that started out as a copy of Logstash's).

> Also I believe that templates are only about future data. Is there any
> way to retro apply it back on existing indexes?

You'll have to reindex the data, e.g. using es-reindex.

https://github.com/geronime/es-reindex

-- 
Magnus Bäck                | Software Engineer, Development Tools
[email protected] | Sony Mobile Communications
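
A simplified model of the point about `order`, as an added example that is not part of the original message or of Elasticsearch itself: matching templates are merged lowest `order` first, so the higher value wins on conflict, and two templates left at the same `order` have no defined winner. The template bodies are constructed and assume the Elasticsearch 1.x layout with field mappings under `mappings` and `_default_`; the helper names are hypothetical.

```python
import copy
from fnmatch import fnmatchcase

# Constructed stand-in for Logstash's default template (the real one is larger).
# It has no "order" key, so it gets the default order of 0.
LOGSTASH_DEFAULT = {
    "template": "logstash-*",
    "mappings": {"_default_": {"properties": {
        "log_date": {"type": "string", "index": "analyzed"}}}},
}
# Constructed override with an explicit order so that it is applied last.
LOG_DATE_OVERRIDE = {
    "template": "logstash-*",
    "order": 1,
    "mappings": {"_default_": {"properties": {
        "log_date": {"type": "string", "index": "not_analyzed"}}}},
}

def deep_merge(base, override):
    """Return base with override merged in; override wins on conflicts."""
    out = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], value)
        else:
            out[key] = copy.deepcopy(value)
    return out

def effective_mappings(index_name, templates):
    """Merge the mappings of every matching template, lowest order first."""
    matching = [t for t in templates.values()
                if fnmatchcase(index_name, t["template"])]
    merged = {}
    for tmpl in sorted(matching, key=lambda t: t.get("order", 0)):
        merged = deep_merge(merged, tmpl.get("mappings", {}))
    return merged

def order_ties(index_name, templates):
    """Map each order value shared by several matching templates to their names."""
    by_order = {}
    for name, tmpl in templates.items():
        if fnmatchcase(index_name, tmpl["template"]):
            by_order.setdefault(tmpl.get("order", 0), []).append(name)
    return {o: sorted(names) for o, names in by_order.items() if len(names) > 1}
```

An empty result from `order_ties` for an index name means every matching template has a distinct `order`, so the merged mapping does not depend on which template was registered first.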
