I did a retry with all manipulation mapping, fixed index name and recreate
index. It work perfect but I have a little issue. Any new field have
"index" : "not_analyzed" yet.
curl -X GET 'http://localhost:9200/_template?pretty'
http://pastebin.com/5hyFHkzJ
My "graylog-custom-mapping" contains "index" : "analyzed" in
"dynamic_templates"
"dynamic_templates" : [ {
"internal_fields" : {
"mapping" : {
"analyzer" : "standard",
"index" : "analyzed",
"type" : "string"
},
"match" : "gl2_*"
}
}, {
"store_generic" : {
"mapping" : {
"analyzer" : "standard",
"index" : "analyzed",
"type" : "string"
},
"match" : "*"
}
} ],
I created the new extractor with field "ipt1258", but index of "ipt1258"
is "not_analyzed"
"ipt1258" : {
"type" : "string",
"index" : "not_analyzed"
},
curl -X GET 'http://localhost:9200/graylog2_0?pretty'
http://pastebin.com/NATNvHjG
Also in graylog2_0 index "dynamic_templates" non equivalent to
"dynamic_templates" in "graylog-custom-mapping" template. At same time
"ipt1132" is correct.
What am I doing wrong?
среда, 7 сентября 2016 г., 11:59:19 UTC+3 пользователь Jochen Schalanda
написал:
>
> Hi,
>
> did you create the index "graylog2_0" after you've added your custom index
> mapping and the custom index template? Only newly created indices will
> receive the new index mapping.
>
> The index name also doesn't match the pattern you're using (which is
> "graylog_*" and not "graylog2_*").
>
> Also see
> http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#custom-index-mappings
>
> for working examples.
>
>
> Cheers,
> Jochen
>
> On Tuesday, 6 September 2016 22:47:26 UTC+2, SancheZZS wrote:
>>
>> I added new templates mygraylog and mygraylog2.
>> curl -X GET 'http://localhost:9200/_template?pretty' returns
>> http://pastebin.com/qnweRuqb
>>
>> After that I cretated new fields ipt2323 and ipt2301. It doesn't work
>> for me
>> "ipt2301" : {
>> "type" : "string",
>> "index" : "not_analyzed"
>> },
>> "ipt2323" : {
>> "type" : "string",
>> "index" : "not_analyzed"
>> },
>>
>> curl -X GET 'http://localhost:9200/graylog2_0?pretty'
>> http://pastebin.com/dkaFZq3A
>> What am I missing ?
>>
>> вторник, 6 сентября 2016 г., 19:35:59 UTC+3 пользователь Jochen Schalanda
>> написал:
>>>
>>> Hi,
>>>
>>> you can simply create your own index mapping and put it into a custom
>>> index template to achieve this. The Graylog index template has the lowest
>>> priority ("order") and any other index template can override its settings.
>>>
>>> See
>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/mapping.html
>>> and
>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices-templates.html
>>>
>>> for details.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 6 September 2016 17:20:17 UTC+2, SancheZZS wrote:
>>>>
>>>> Hello!
>>>> After first run graylog2 I have defaut template in Elasticsearch
>>>> curl -X GET 'http://loclahost:9200/_template?pretty'
>>>> http://pastebin.com/e5LPiGzC
>>>>
>>>> How to change mapping in "dynamic_templates" and "store_generic" from
>>>> "index" : "not_analyzed" to
>>>>
>>>> "analyzer" : "standard",
>>>> "index" : "analyzed",
>>>> "type" : "string"
>>>> ?
>>>>
>>>> I want that any new field, created in web interface, must have "index"
>>>> : "analyzed". By default they have
>>>> "index" : "not_analyzed",
>>>> "type" : "string"
>>>>
>>>> Any advice is greatly appreciated.
>>>>
>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/23529511-d629-4cfd-a7db-3147838031b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
