Hi Ivan, thanks for your answer. I use Logstash as an indexer. This is my current mapping:
{ "template" : "logstash-*", "settings" : { "index.refresh_interval" : "5s", "analysis" : { "analyzer" : { "default" : { "type" : "standard", "stopwords" : "_none_" } } } }, "mappings" : { "_default_" : { "_all" : {"enabled" : true}, "dynamic_templates" : [ { "string_fields" : { "match" : "*", "match_mapping_type" : "string", "mapping" : { "type" : "multi_field", "fields" : { "{name}" : {"type": "string", "index" : "analyzed", "omit_norms" : true }, "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256} } } } } ], "properties" : { "@version": { "type": "string", "index": "not_analyzed" }, "ipver":{"type":"long"}, "protocol":{"type":"long"}, "size":{"type":"long"}, "sp":{"type":"long"}, "stored":{"type":"boolean"}, "@timestamp":{"type":"date", "format":"dateOptionalTime"}, "dp":{"type":"long"}, "rcvd":{"type":"long"}, "sent":{"type":"long"}, "sid":{"type":"long"}, "policy_id":{"type":"long"}, "size":{"type":"long"}, "ids_priority":{"type":"long"}, "duration":{"type":"long"}, "src_port":{"type":"long"}, "src_xlated_port":{type: "long"}, "dst_port":{"type":"long"}, "dst_xlated_port":{type: "long"}, "TTL":{"type":"long"}, "geoip" : { "type" : "object", "dynamic": true, "path": "full", "properties" : { "location" : { "type" : "geo_point" } } } } } } }