https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15719
[email protected] changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected]
--- Comment #6 from [email protected] ---
Regarding this issue, I also had many problems with mappings.
Elasticsearch 6.7.1, among many other problems, does not support either
duplicate entries. My workaround to make it work on Elasticsearch 6.7.1 was
transforming the mapping via jq (in Linux):
jq '.index_patterns = [.template] | del(.template) |
.settings["index.mapping.total_fields.limit"] =
(.settings["index.mapping.total_fields.limit"]|tostring) | (.. |
select(.type=="string")? | .type) |= "text" | .mappings["doc"] =
.mappings["pcap_file"] | del(.mappings["pcap_file"])' mapping.json >
mapping.6.7.1.json
This way, I can submit the mapping succesfully, but many mapping fields do not
seem to match. For instance, I get a mapping for "layers.ip.ip_src_host"
instead of "layers.ip.ip_ip_src_host" (which is what I get from tshark)...
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:[email protected]?subject=unsubscribe
