Rainer - You can definitely define specific fields to be specific data types. Here is the Elasticsearch documentation page on it. Look at the section for 'Customizing field mappings.'
http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/mapping-intro.html

-- James

________________________________________
From: rsyslog-boun...@lists.adiscon.com <rsyslog-boun...@lists.adiscon.com> on behalf of Rainer Gerhards <rgerha...@hq.adiscon.com>
Sent: Friday, September 5, 2014 7:25 AM
To: rsyslog-users
Subject: Re: [rsyslog] request for help with ES auto tests

Just FYI: I got the basic test working. Will see that I add some to check the error file.

Is there any way that I can tell ES to require a field (which I then would not provide in order to trigger an error). Or alternatively to tell ES a field must NOT be numeric? I want to make sure I can check messages that go to the error log.

Thanks again,
Rainer

On Tue, Sep 2, 2014 at 7:22 AM, Radu Gheorghe <radu.gheor...@sematext.com> wrote:

> Hi Rainer,
>
> I'll inline.
>
> > I guess the answer is "no", but I still thought I ask ;)
> >
> > When I do this, I get some JSON back (see after my sig).
> >
> > Two questions:
> >
> > #1 is it possible to get only the field "msgnum", and that raw (I would
> > like to have a file with one number on each line, nothing else). I know I
> > can "solve" this with some postprocessor script, but if it's doable directly
> > via the API, I'd prefer that (less moving parts).
>
> No, you can't get rid of the other stuff. You can choose to show only one
> (or more fields) from the documents by using the "fields" parameter, but
> that won't help here because you already have just one field in the docs.
>
> > #2 The response says (as I interpret it), there are 100 results (which is
> > what I pushed), but I only see a small subset. Is that already the paging
> > problem?
>
> By default, ES returns the top 10 results (by score - which is 1.0
> everywhere because you don't search for any query). You can change that by
> adjusting the size parameter, like:
>
> curl 'localhost:9200/_search?pretty&size=100'
>
> In theory, you can make "size" as big as you want. In practice, ES isn't
> great at returning huge results (think millions, it should have problems
> with 100 or 1000), because it has to load everything in memory and sort by
> score in order to return that result. That's why, for deep paging, the
> scroll method I mentioned is better.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
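
Added example, not part of the thread or of rsyslog's testbench: the postprocessor route mentioned in the question, which writes one msgnum per line and also flags the default 10-hit page as incomplete by comparing the returned hits with hits.total. The response layout (hits.total, hits.hits[]._source, the "fields" form) is assumed from Elasticsearch 1.x, and the sample response is constructed.

```python
import json

# Constructed sample (not from the thread): the ES 1.x response layout is
# assumed; 100 documents matched but only the default page of 10 came back.
SAMPLE_RESPONSE = json.dumps({
    "hits": {
        "total": 100,
        "hits": [{"_id": str(i), "_score": 1.0, "_source": {"msgnum": i}}
                 for i in range(10)],
    },
})


def total_hits(hits):
    """Match count; newer ES releases wrap it as {"value": n, ...}."""
    total = hits["total"]
    return total["value"] if isinstance(total, dict) else total


def extract_field(response_text, field="msgnum"):
    """Return (values, total, missing_ids) for one search response."""
    hits = json.loads(response_text)["hits"]
    values, missing = [], []
    for hit in hits["hits"]:
        # Whole documents arrive under "_source"; when specific fields are
        # requested, ES 1.x returns {"fields": {name: [value]}} instead.
        doc = hit.get("_source") or hit.get("fields", {})
        value = doc.get(field)
        if isinstance(value, list):
            value = value[0] if value else None
        if value is None:
            missing.append(hit.get("_id"))
        else:
            values.append(value)
    return values, total_hits(hits), missing


def check_page(response_text, field="msgnum"):
    """One value per line, plus a flag saying whether the page is complete."""
    values, total, missing = extract_field(response_text, field)
    complete = not missing and len(values) == total
    return "\n".join(str(v) for v in values), complete


if __name__ == "__main__":
    lines, complete = check_page(SAMPLE_RESPONSE)
    print(lines)
    print("complete" if complete else "truncated: raise size or use scroll")
```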