Reputation: 729
How to specify a default-mapping.json in Elasticsearch
I'm trying to add a default-mapping.json file but I'm not sure if it is read. How can I properly test it? And if it is failing to be read, how do I specify Elasticsearch to read that file? This is the file in /etc/default:
# Run Elasticsearch as this user ID and group ID
#ES_USER=elasticsearch
#ES_GROUP=elasticsearch
# Heap Size (defaults to 256m min, 1g max)
#ES_HEAP_SIZE=2g
# Heap new generation
#ES_HEAP_NEWSIZE=
# max direct memory
#ES_DIRECT_SIZE=
# Maximum number of open files, defaults to 65535.
#MAX_OPEN_FILES=65535
# Maximum locked memory size. Set to "unlimited" if you use the
# bootstrap.mlockall option in elasticsearch.yml. You must also set
# ES_HEAP_SIZE.
#MAX_LOCKED_MEMORY=unlimited
# Maximum number of VMA (Virtual Memory Areas) a process can own
#MAX_MAP_COUNT=262144
# Elasticsearch log directory
#LOG_DIR=/var/log/elasticsearch
# Elasticsearch data directory
#DATA_DIR=/var/lib/elasticsearch
# Elasticsearch work directory
#WORK_DIR=/tmp/elasticsearch
# Elasticsearch configuration directory
#CONF_DIR=/etc/elasticsearch
# Elasticsearch configuration file (elasticsearch.yml)
#CONF_FILE=/etc/elasticsearch/elasticsearch.yml
# Additional Java OPTS
#ES_JAVA_OPTS=
# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true
And then this is the default-mapping.json placed in the /etc/elasticsearch
{
"_default_": {
"_all": { "enabled": false },
"_source": { "compress": true },
"properties" : {
"message" : { "type" : "string", "index" : "analyzed" },
"source_host" : { "type" : "string", "index" : "not_analyzed" },
"tags": { "type": "string", "index" : "not_analyzed" },
"@timestamp" : { "type" : "date", "index" : "not_analyzed" },
"type" : { "type" : "string", "index" : "not_analyzed" }
}
}
}
Upvotes: 1
Views: 5983
Answers (2)
Reputation: 4489
The good way to create a default mapping in elasticsearch is via templates, here is what yours would look like:
{
"template_11": {
"template": "*",
"mappings": {
"_default_": {
"_all": {
"enabled": false
},
"_source": {
"compress": true
},
"properties": {
"message": {
"type": "string",
"index": "analyzed"
},
"source_host": {
"type": "string",
"index": "not_analyzed"
},
"tags": {
"type": "string",
"index": "not_analyzed"
},
"@timestamp": {
"type": "date",
"index": "not_analyzed"
},
"type": {
"type": "string",
"index": "not_analyzed"
}
}
}
}
}
}
Put this template inside $config_dir/templates/template_11.json
If you're unsure what is your path, check https://stackoverflow.com/a/23338461/1619406
For example, mine was /usr/share/elasticsearch/config/templates/templates_11.json
Now, every time you create a new index, it will use this template as the default mapping.
Hope this helps,
References:
Update: the aforementioned answer is no longer applicable for versions 2.x or 5.x according to this answer, which references these two links in documentation, and discussion.
Upvotes: 3
Reputation: 29
Test the analyzer used on the indexing the field value using the /analyze endpoint.
curl -s -XGET 'http://localhost:9200/url-test/_analyze?text=http://example.com&pretty'
You need to define a raw field(not analyzed) to search
"fieldname": {
"type": "string",
"norms": {
"enabled": false
},
"fielddata": {
"format": "disabled"
},
"fields": {
"raw" : {"type": "string",
"index" : "not_analyzed",
"doc_values" : true,
"ignore_above" : 256
}
}
},
Upvotes: 0
Related Questions
- Elasticsearch - nested unknown mapping properties - set default type
- Adding default value to existing mapping in elastic search
- How can I setup a default mapping in Elastic Search when it creates a new Patterned Index?
- How to define dynamically / override the _default_ mapping in elasticsearch?
- Elasticsearch default mapping nested fields
- Elastic Search Default Mapping Configuration
- Is it possible to define default mapping for an inner object in ElasticSearch?
- Elasticsearch default mapping
- ElasticSearch: How to set a default mapping to a template
- Default datatype mapping in elasticsearch