Hi, if you want to ensure that a document field has always the same type, you'll have to create a custom index mapping ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/mapping.html) and make sure it will be applied to new indices by creating an index template with your custom mapping ( https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html ).
Cheers, Jochen On Friday, 8 April 2016 15:53:44 UTC+2, grayl...@gmx.de wrote: > > Hello, > > We have a problem with the @timestamp field. Sometimes it is wrongly > created as string instead of date. > > We use the following pipeline: > > Docker -- mixed logs in GELF format --> graylog2-server1 -- only JSON logs > in GELF format --> graylog2-server2. > > Both graylog2 servers are connected to the same ElasticSearch cluster. > Each graylog2-server uses a separate index-pattern. > > Graylog2 version is 1.3.4. > > The indexes of graylog2-server2 should always create the @timestamp field > as date. Is there a way to force graylog2 to use always date? > > Thanx in advancd! > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8bd72ac8-dc79-4c77-8040-f6b61bd0ced0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
