Reputation: 57

Is it possible to set custom mapping for index in logstash but not in elasticsearch?

There's input, filter and then output in Logstash main coding.

Is it possible to set custom mapping in

output
    { elasticsearch {

}

If it is possible, how do I set it? With this example:

    "mappings" : {
  "_default_" : {
   "properties" : {
"service" : { "type" : "integer" },
"rule" : { "type" : "integer" },
"ICMP Type" : { "type" : "integer" },
"ICMP Code" : { "type" : "integer" },
"ip_offset" : { "type" : "integer" },
"ip_id" : { "type" : "integer" },
"ip_len" : { "type" : "integer" },
"Confidence Level" : { "type" : "integer" },
"fragments_dropped" : { "type" : "integer" },
"Severity" : { "type" : "integer" },
"serial_num" : { "type" : "integer" },
"during_sec" : { "type" : "integer" },
"Attack info" : {"type": "string", "index" : "not_analyzed" },
"peer gateway" : {"type": "string", "index" : "not_analyzed" }

Upvotes: 1

Answers (2)

mherbert

Reputation: 515

You can use template and template_overwrite fields like that :

 elasticsearch {
    template => "/tttttttttttt/elasticsearch-logstash-template.json"
    index => "logstash-%{+YYYY.MM.dd}"
    cluster=>"cluster"
    template_overwrite => true
}

Upvotes: 0

Alain Collins

Reputation: 16362

Logstash comes with a default template that is used when writing documents to elasticsearch.

If you'd like to change the default, you can update your config and pass it the location of a template file.

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-template

Upvotes: 1

Is it possible to set custom mapping for index in logstash but not in elasticsearch?

Answers (2)

Related Questions