Created
June 22, 2012 04:49
-
-
Save deverton/2970285 to your computer and use it in GitHub Desktop.
Logstash Elasticsearch Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "template": "logstash-*", | |
| "settings" : { | |
| "number_of_shards" : 1, | |
| "number_of_replicas" : 0, | |
| "index" : { | |
| "query" : { "default_field" : "@message" }, | |
| "store" : { "compress" : { "stored" : true, "tv": true } } | |
| } | |
| }, | |
| "mappings": { | |
| "_default_": { | |
| "_all": { "enabled": false }, | |
| "_source": { "compress": true }, | |
| "dynamic_templates": [ | |
| { | |
| "string_template" : { | |
| "match" : "*", | |
| "mapping": { "type": "string", "index": "not_analyzed" }, | |
| "match_mapping_type" : "string" | |
| } | |
| } | |
| ], | |
| "properties" : { | |
| "@fields": { "type": "object", "dynamic": true, "path": "full" }, | |
| "@message" : { "type" : "string", "index" : "analyzed" }, | |
| "@source" : { "type" : "string", "index" : "not_analyzed" }, | |
| "@source_host" : { "type" : "string", "index" : "not_analyzed" }, | |
| "@source_path" : { "type" : "string", "index" : "not_analyzed" }, | |
| "@tags": { "type": "string", "index" : "not_analyzed" }, | |
| "@timestamp" : { "type" : "date", "index" : "not_analyzed" }, | |
| "@type" : { "type" : "string", "index" : "not_analyzed" } | |
| } | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -XPUT 'http://localhost:9200/_template/template_logstash/' -d @logstash-template.json |
For anybody who is interested - the line that was preventing Kibana from querying the index is:
"query" : { "default_field" : "@message" },
Remove that, re-index and Kibana works fine.
FYI i added:
"numeric_detection" : true,
to get automatically numeric fields (integer, long, float...).
@gregmruphy
how re-index? Please tell me the way
thanks !
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Do you use Kibana to query your ES indexes?
I've tried your template against ES 0.90.5 and Kibana 3.0.0milestone4, and any indexes created using the template don't return any data to Kibana. The data is loaded into the index, and I run basic queries against it successfully myself, but if I try the query Kibana runs then no data is returned.
I'll carry on investigating myself, but was interested to know if you've seen the same problem.