Hi, if you want to ensure that a document field has always the same type, you'll have to create a custom index mapping ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html) and make sure it will be applied to new indices by creating an index template with your custom mapping ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html ).
Cheers, Jochen On Friday, 8 April 2016 15:53:44 UTC+2, [email protected] wrote: > > Hello, > > We have a problem with the @timestamp field. Sometimes it is wrongly > created as string instead of date. > > We use the following pipeline: > > Docker -- mixed logs in GELF format --> graylog2-server1 -- only JSON logs > in GELF format --> graylog2-server2. > > Both graylog2 servers are connected to the same ElasticSearch cluster. > Each graylog2-server uses a separate index-pattern. > > Graylog2 version is 1.3.4. > > The indexes of graylog2-server2 should always create the @timestamp field > as date. Is there a way to force graylog2 to use always date? > > Thanx in advancd! > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8bd72ac8-dc79-4c77-8040-f6b61bd0ced0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
