Hi Folks, Blundering around with an ELK stack I've managed to break it, yay me! I was trying to disable the _all field as (I believe) it basically duplicates all the data I'm already storing, so after way too much googling I came up with this,
curl -XPUT http://localhost:9200/_template/logstash_per_index -d '{ "template" : "logstash*", "settings" : { "number_of_shards" : 2, "index.cache.field.type" : "soft", "index.refresh_interval" : "5s", "index.store.compress.stored" : true, "index.query.default_field" : "@message" }, "mappings" : { "_default_" : { "_all" : {"enabled" : false}, "properties" : { "@fields" : { "type" : "object", "dynamic": true, "path": "full", "properties" : { "clientip" : { "type": "ip"} } }, "@message": { "type": "string", "index": "analyzed" }, "@source": { "type": "string", "index": "analyzed" }, "@source_host": { "type": "string", "index": "analyzed" }, "@source_path": { "type": "string", "index": "analyzed" }, "@tags": { "type": "string", "index": "analyzed" }, "@timestamp": { "type": "date", "index": "analyzed" }, "@type": { "type": "string", "index": "analyzed" } } } } } ' And now kibana isn't showing anything from the time the mapping was applied, older data is fine. I can see documents and data going into the stack via Bigdesk and Head but I can't visualise them with kibana. Can anyone help ? What did I do wrong ? At the moment I'd settle for reapplying the default out-of-the-box mappings if I could find them anywhere, or if I knew how to do it :( JJ -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/cad60329-5d03-42a9-8842-fd378d4ea66b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
