I did a retry with all manipulation mapping, fixed index name and recreate
index. It work perfect but I have a little issue. Any new field have
"index" : "not_analyzed" yet.
curl -X GET 'http://localhost:9200/_template?pretty'
http://pastebin.com/5hyFHkzJ
My "graylog-custom-mapping" contains "index" : "analyzed" in
"dynamic_templates"
"dynamic_templates" : [ {
"internal_fields" : {
"mapping" : {
"analyzer" : "standard",
"index" : "analyzed",
"type" : "string"
},
"match" : "gl2_*"
}
}, {
"store_generic" : {
"mapping" : {
"analyzer" : "standard",
"index" : "analyzed",
"type" : "string"
},
"match" : "*"
}
} ],
I created the new extractor with field "ipt1258", but index of "ipt1258"
is "not_analyzed"
"ipt1258" : {
"type" : "string",
"index" : "not_analyzed"
},
curl -X GET 'http://localhost:9200/graylog2_0?pretty'
http://pastebin.com/NATNvHjG
Also in graylog2_0 index "dynamic_templates" non equivalent to
"dynamic_templates" in "graylog-custom-mapping" template. At same time
"ipt1132" is correct.
What am I doing wrong?
среда, 7 сентября 2016 г., 11:59:19 UTC+3 пользователь Jochen Schalanda
написал:
>
> Hi,
>
> did you create the index "graylog2_0" after you've added your custom index
> mapping and the custom index template? Only newly created indices will
> receive the new index mapping.
>
> The index name also doesn't match the pattern you're using (which is
> "graylog_*" and not "graylog2_*").
>
> Also see
> http://docs.graylog.org/en/2.1/pages/configuration/elasticsearch.html#custom-index-mappings
>
> for working examples.
>
>
> Cheers,
> Jochen
>
> On Tuesday, 6 September 2016 22:47:26 UTC+2, SancheZZS wrote:
>>
>> I added new templates mygraylog and mygraylog2.
>> curl -X GET 'http://localhost:9200/_template?pretty' returns
>> http://pastebin.com/qnweRuqb
>>
>> After that I cretated new fields ipt2323 and ipt2301. It doesn't work
>> for me
>> "ipt2301" : {
>> "type" : "string",
>> "index" : "not_analyzed"
>> },
>> "ipt2323" : {
>> "type" : "string",
>> "index" : "not_analyzed"
>> },
>>
>> curl -X GET 'http://localhost:9200/graylog2_0?pretty'
>> http://pastebin.com/dkaFZq3A
>> What am I missing ?
>>
>> вторник, 6 сентября 2016 г., 19:35:59 UTC+3 пользователь Jochen Schalanda
>> написал:
>>>
>>> Hi,
>>>
>>> you can simply create your own index mapping and put it into a custom
>>> index template to achieve this. The Graylog index template has the lowest
>>> priority ("order") and any other index template can override its settings.
>>>
>>> See
>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/mapping.html
>>> and
>>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/indices-templates.html
>>>
>>> for details.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Tuesday, 6 September 2016 17:20:17 UTC+2, SancheZZS wrote:
>>>>
>>>> Hello!
>>>> After first run graylog2 I have defaut template in Elasticsearch
>>>> curl -X GET 'http://loclahost:9200/_template?pretty'
>>>> http://pastebin.com/e5LPiGzC
>>>>
>>>> How to change mapping in "dynamic_templates" and "store_generic" from
>>>> "index" : "not_analyzed" to
>>>>
>>>> "analyzer" : "standard",
>>>> "index" : "analyzed",
>>>> "type" : "string"
>>>> ?
>>>>
>>>> I want that any new field, created in web interface, must have "index"
>>>> : "analyzed". By default they have
>>>> "index" : "not_analyzed",
>>>> "type" : "string"
>>>>
>>>> Any advice is greatly appreciated.
>>>>
>>>>
>>>>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/23529511-d629-4cfd-a7db-3147838031b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
