Reputation: 31560
Why are these fields falling through to elasticsearch that are not defined in my index template?
I disabled dynamic fields in my index template:
{
"template": "logstash-mysexylogs*",
"order": 10,
"mappings": {
"_default_": {
"dynamic": false,
"_all": {
"enabled": false
},
Now as I am looking over my logs in Kibana I will occasionally see this:
These fields where not defined in the template so they shouldn't exist AT ALL, but for a few logs I will see them as shown in that screen shot.
Why does this happen and only happen with a few (not all logs) and how do I prevent this from happening?
These particular fields would be present in ALL the logs if I was not filtering them out in the template so Im confused why this is happening with only a scant few and not all of them.
Upvotes: 0
Views: 752
Answers (1)
Reputation: 291
You need to set dynamic to strict.
"mappings": {
"_default_": {
"dynamic": "strict"
}
}
Per the documentation,
if elasticsearch detects a new field, it will by default add it to the mapping. Setting "dynamic": false turns this setting off, and new fields won't dynamically be added.
This post may also be helpful.
Upvotes: 4
Related Questions
- Elasticsearch index not being created with settings from logstash template
- Custom indexing template is not being applied
- Elasticsearch fields from one index appearing into another index
- Leave out default Logstash fields in ElasticSearch
- Defined Template from logstash not being used by elastic search for mapping
- Only allow fields that are in the index template
- Disabling analyzing of fields not present in index template
- How to leverage logstash to index data but not generating extra fields from logstash
- Remove unnecessary fields in ElasticSearch
- Logstash keeps overwriting Elasticsearch index template