Re: Doc Values

[Kadaan]

Great!  That does look pretty close.  Guessing I could use an index template 
with order=int.max, set the template to * and configure the _default_ mapping.  
Only thing I'm not sure about is how to restrict field data to either off or 
doc_values for fields whose names I do not know. Dynamic templates don't seem 
to work because they only apply if an explicit mapping doesn't exist.  Any 
suggestions on what could be added to an index template which would achieve my 
goals?

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/83794a3b-5d5c-4f4e-b4cb-043d3d177c56%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[David Pilato]

Have a look at 
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/indices-templates.html#indices-templates

This will help IMO.

David

> Le 8 févr. 2015 à 02:44, Joel Baranick  a écrit :
> 
> Sure.  I get that, but I'm talking about a multi-tenant environment where I 
> do not control the index templates or mappings which are installed.  In this 
> scenario it would be nice to be able to configure the cluster to only allow 
> field data to be off or doc_values.
> 
>> On Saturday, February 7, 2015 at 1:58:00 PM UTC-8, Itamar Syn-Hershko wrote:
>> You don't need a plugin for index when an index is created - use index 
>> templates + dynamic templates for this, e.g. 
>> http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/custom-dynamic-mapping.html#dynamic-templates
>> 
>> --
>> 
>> Itamar Syn-Hershko
>> http://code972.com | @synhershko
>> Freelance Developer & Consultant
>> Lucene.NET committer and PMC member
>> 
>>> On Sat, Feb 7, 2015 at 11:56 PM, Joel Baranick  wrote:
>>> Thanks. I will look into if I can create a plugin which will automatically 
>>> enable doc_values whenever an index is created or updated.  This seems like 
>>> it could be very useful for multitenant clusters.
>>> 
>>> --
>>> You received this message because you are subscribed to the Google Groups 
>>> "elasticsearch" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an 
>>> email to elasticsearc...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/elasticsearch/032429bb-38de-40f1-8290-334a4890851d%40googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/elasticsearch/96e8dea4-61bf-44bf-b14f-c38702b041f5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/9BDEB4CA-55A2-4AB7-BE76-0EBF0B1E2DCA%40pilato.fr.
For more options, visit https://groups.google.com/d/optout.

Elasticsearch mapping for adding custom metadata payload to log entries in ELK stack

[Tomi SF]

We're using ELK stack for log management of a distributed application. In 
our log entries we have a field called "data" that can be of arbitrary 
type. We use this field to allow the developer to log any custom metadata 
releated to the incident that occurred. For example the following three 
entries could be samples of items we'd like to be able to log and store to 
Elasticsearch.

{"message" : "Fire Alarm", "level" : "emergency", "data" : { "Location" : 1, 
"Temperature" : 76.3 } }
{"message" : "Remote query exceeded warning timeout", "level" : "warning", 
"data" : 500}
{"message" : "UPS not available", "level" : "warning", "data" : { "Location" 
: "San Francisco", "Rack" : 1 } }

All other fields map nicely to Elasticsearch built-in field types but we 
don't know how to treat the "data" field as the value can be of any 
Elasticsearch type and different for each entry. When using the built-in 
Elasticsearch mapping shipping with Logstash, only the mapping of the first 
entry will be used. In the above example only the first message would be 
stored to the Elasticsearch index. 

It's okay if the data field is not indexed. But we'd still like to be able 
to store and retrieve it from elasticsearch. What kind of mapping document 
would work? I was trying different options but didn't seem to find one that 
would do what we needed. The logstash 1.5 default Elasticsearch mapping is 
below.

{
  "template" : "logstash-*",
  "settings" : {
"index.refresh_interval" : "5s"
  },
  "mappings" : {
"_default_" : {
   "_all" : {"enabled" : true},
   "dynamic_templates" : [ {
 "message_field" : {
   "match" : "message",
   "match_mapping_type" : "string",
   "mapping" : {
 "type" : "string", "index" : "analyzed", "omit_norms" : true
   }
 }
   }, {
 "string_fields" : {
   "match" : "*",
   "match_mapping_type" : "string",
   "mapping" : {
 "type" : "string", "index" : "analyzed", "omit_norms" : true,
   "fields" : {
 "raw" : {"type": "string", "index" : "not_analyzed", 
"ignore_above" : 256}
   }
   }
 }
   } ],
   "properties" : {
 "@version": { "type": "string", "index": "not_analyzed" },
"geoip"  : {
   "type" : "object",
 "dynamic": true,
 "path": "full",
 "properties" : {
   "location" : { "type" : "geo_point" }
 }
 }
   }
}
  }
}



Thanks,

Tomi

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/cbf47107-8061-429f-a024-0006a47420f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[Joel Baranick]

Sure.  I get that, but I'm talking about a multi-tenant environment where I 
do not control the index templates or mappings which are installed.  In 
this scenario it would be nice to be able to configure the cluster to only 
allow field data to be off or doc_values.

On Saturday, February 7, 2015 at 1:58:00 PM UTC-8, Itamar Syn-Hershko wrote:
>
> You don't need a plugin for index when an index is created - use index 
> templates + dynamic templates for this, e.g. 
> http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/custom-dynamic-mapping.html#dynamic-templates
>
> --
>
> Itamar Syn-Hershko
> http://code972.com | @synhershko 
> Freelance Developer & Consultant
> Lucene.NET committer and PMC member
>
> On Sat, Feb 7, 2015 at 11:56 PM, Joel Baranick  > wrote:
>
>> Thanks. I will look into if I can create a plugin which will 
>> automatically enable doc_values whenever an index is created or updated.  
>> This seems like it could be very useful for multitenant clusters.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to elasticsearc...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/elasticsearch/032429bb-38de-40f1-8290-334a4890851d%40googlegroups.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/96e8dea4-61bf-44bf-b14f-c38702b041f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Paid help with ES/ELK?

[Mark Walkom]

The community is pretty strong, between this list, the Logstash list (
https://groups.google.com/forum/?hl=en-GB#!forum/logstash-users) and the
IRC channels, I am sure you can get your questions answered :)

On 8 February 2015 at 08:12, Itamar Syn-Hershko  wrote:

> I'm available for Elasticsearch consulting, feel free to ping me privately
>
> --
>
> Itamar Syn-Hershko
> http://code972.com | @synhershko 
> Freelance Developer & Consultant
> Lucene.NET committer and PMC member
>
> On Sat, Feb 7, 2015 at 11:04 PM, Steve Johnson  wrote:
>
>>
>> I’ll keep you up to date es5z via this thread.
>>
>>  I’ve gotten one response so far with no real info attached, and haven’t
>> followed up yet.  I will check with sites like elance at some point.
>>
>> Steve
>>
>> On Feb 7, 2015, at 3:06 AM, es5z wrote:
>>
>> I'm wondering the same thing actually. Have you tried freelancer websites
>> like elance and the others?
>>
>> On Friday, February 6, 2015 at 8:22:27 PM UTC+1, Steve Johnson wrote:
>>>
>>> I hope a posting like this is not taboo in this forum...
>>>
>>> We are struggling to understand how to properly configure an ELK stack
>>> for our production environment.  We think we have things set up pretty much
>>> right, and then ES throws us a curve ball.  We've had a couple of things
>>> happen over the last few days that are simply baffling to us.  We've decide
>>> we need the help of someone who really knows ES.
>>>
>>> Support companies all seem to want to sell only long-term contracts. We
>>> need short-term help.  We are therefore thinking that we need to find an
>>> individual ES expert who we can pay on an hourly basis to help us set up
>>> our ES cluster and learn how it works and how to maintain it.
>>>
>>> If anyone reading this fits this description, or knows of some other
>>> person or organization that does, please contact me at elastic <<>>
>>> filethis <<>> c0m.  If you're offering your services directly, please
>>> let me know as much as you can about your experience with ES, including the
>>> number of years you've worked with it and the sizes of the clusters you've
>>> worked with.
>>>
>>> TIA for all help!
>>>
>>> Steve
>>>
>>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "elasticsearch" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/elasticsearch/T4QQ2t23uAw/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/9ca23652-8eec-445c-945d-49eb82388499%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/AD545C15-0FC1-4DBA-B3A5-1C8753353F84%40filethis.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZuJHVOodDVW2iF66Q_mFdRHpa_wLPTFJSOhJ2iTNsB%3D1w%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-kfpgSNFKP-xWcrJrmWR69c%2Bb%2Bko9E99m5jkKLN-px3A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Showing date instead of time in x-axis for Kibana 4 beta 3 date histogram

[Srinivasan Muthu]

Hi all,

Great work by the way for visualizations. It makes our life so easy!

Is there a way to show the date in format 'MM/DD/' for weekly 
aggregation of documents in x-axis? Basically each bar is for a week ending 
that day. I always see the the hour '17:00" for every value in x-axis. See 
screenshot.

Thanks,
Srini

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/b04b96cc-b9ee-42d0-99c1-654cf8e6062f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Discovery on EC2 - unicast, separate VPCs, public IPs

[Norberto Meijome]

Are you referring to the master server by fqdn or IP?  If fqdn, don't
forget about ec2's split horizon (though I don't think it should be
resolvable across 2 separate VPCs...
Can you open a socket from host 1 to host 2 manually (with nc or telnet) on
TCP/9300?
On 08/02/2015 9:43 am, "Eugen Paraschiv"  wrote:

> Hi,
> I have the following simple EC2 topology:
> - a VPC with my entire cluster, running in a public subnet
> - a new slave in another VPC (also a public subnet)
> - I'm using unicast - the slave has the following config:
> discovery.zen.ping.multicast.enabled: false
> discovery.zen.ping.unicast.hosts: ["master_elastic_ip:9300"]
> So - the slave points to the public IP of the master - not the private
> one.
>
> However - this new slave tries to connect to the master on the private IP
> instead of the public one - and I'm getting:
> org.elasticsearch.common.netty.channel.ConnectTimeoutException: connection
> timed out: /172.61.51.253:9300
> Where 172.61.51.253 is the private IP.
> Not sure what that is - do I need to configure anything on the slave to
> make sure it uses the public IP to reach the master?
> Thanks,
> Eugen.
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/026f6d30-d496-4905-a5f9-80c6be82669b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CACj2-4JqqAynnkvJ85JW3EphiM22_ONx1xHFH96-SrjZ2UKb6w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Discovery on EC2 - unicast, separate VPCs, public IPs

[Eugen Paraschiv]

Hi, 
I have the following simple EC2 topology: 
- a VPC with my entire cluster, running in a public subnet
- a new slave in another VPC (also a public subnet)
- I'm using unicast - the slave has the following config: 
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["master_elastic_ip:9300"]
So - the slave points to the public IP of the master - not the private one. 

However - this new slave tries to connect to the master on the private IP 
instead of the public one - and I'm getting: 
org.elasticsearch.common.netty.channel.ConnectTimeoutException: connection 
timed out: /172.61.51.253:9300
Where 172.61.51.253 is the private IP. 
Not sure what that is - do I need to configure anything on the slave to 
make sure it uses the public IP to reach the master?
Thanks, 
Eugen. 

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/026f6d30-d496-4905-a5f9-80c6be82669b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[Itamar Syn-Hershko]

You don't need a plugin for index when an index is created - use index
templates + dynamic templates for this, e.g.
http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/custom-dynamic-mapping.html#dynamic-templates

--

Itamar Syn-Hershko
http://code972.com | @synhershko 
Freelance Developer & Consultant
Lucene.NET committer and PMC member

On Sat, Feb 7, 2015 at 11:56 PM, Joel Baranick  wrote:

> Thanks. I will look into if I can create a plugin which will automatically
> enable doc_values whenever an index is created or updated.  This seems like
> it could be very useful for multitenant clusters.
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/032429bb-38de-40f1-8290-334a4890851d%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZuKav0hP6G%2BCM55t6r1pYh62%3DOY-eOQarMteEeVyDE7_w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[Joel Baranick]

Thanks. I will look into if I can create a plugin which will automatically 
enable doc_values whenever an index is created or updated.  This seems like it 
could be very useful for multitenant clusters.

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/032429bb-38de-40f1-8290-334a4890851d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Paid help with ES/ELK?

[Itamar Syn-Hershko]

I'm available for Elasticsearch consulting, feel free to ping me privately

--

Itamar Syn-Hershko
http://code972.com | @synhershko 
Freelance Developer & Consultant
Lucene.NET committer and PMC member

On Sat, Feb 7, 2015 at 11:04 PM, Steve Johnson  wrote:

>
> I’ll keep you up to date es5z via this thread.
>
>  I’ve gotten one response so far with no real info attached, and haven’t
> followed up yet.  I will check with sites like elance at some point.
>
> Steve
>
> On Feb 7, 2015, at 3:06 AM, es5z wrote:
>
> I'm wondering the same thing actually. Have you tried freelancer websites
> like elance and the others?
>
> On Friday, February 6, 2015 at 8:22:27 PM UTC+1, Steve Johnson wrote:
>>
>> I hope a posting like this is not taboo in this forum...
>>
>> We are struggling to understand how to properly configure an ELK stack
>> for our production environment.  We think we have things set up pretty much
>> right, and then ES throws us a curve ball.  We've had a couple of things
>> happen over the last few days that are simply baffling to us.  We've decide
>> we need the help of someone who really knows ES.
>>
>> Support companies all seem to want to sell only long-term contracts. We
>> need short-term help.  We are therefore thinking that we need to find an
>> individual ES expert who we can pay on an hourly basis to help us set up
>> our ES cluster and learn how it works and how to maintain it.
>>
>> If anyone reading this fits this description, or knows of some other
>> person or organization that does, please contact me at elastic <<>>
>> filethis <<>> c0m.  If you're offering your services directly, please
>> let me know as much as you can about your experience with ES, including the
>> number of years you've worked with it and the sizes of the clusters you've
>> worked with.
>>
>> TIA for all help!
>>
>> Steve
>>
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "elasticsearch" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/elasticsearch/T4QQ2t23uAw/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/9ca23652-8eec-445c-945d-49eb82388499%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/AD545C15-0FC1-4DBA-B3A5-1C8753353F84%40filethis.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZuJHVOodDVW2iF66Q_mFdRHpa_wLPTFJSOhJ2iTNsB%3D1w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Paid help with ES/ELK?

[Steve Johnson]

I’ll keep you up to date es5z via this thread.

 I’ve gotten one response so far with no real info attached, and haven’t 
followed up yet.  I will check with sites like elance at some point.

Steve

> On Feb 7, 2015, at 3:06 AM, es5z wrote:
> 
> I'm wondering the same thing actually. Have you tried freelancer websites 
> like elance and the others?
> 
> On Friday, February 6, 2015 at 8:22:27 PM UTC+1, Steve Johnson wrote:
> I hope a posting like this is not taboo in this forum...
> 
> We are struggling to understand how to properly configure an ELK stack for 
> our production environment.  We think we have things set up pretty much 
> right, and then ES throws us a curve ball.  We've had a couple of things 
> happen over the last few days that are simply baffling to us.  We've decide 
> we need the help of someone who really knows ES.
> 
> Support companies all seem to want to sell only long-term contracts. We need 
> short-term help.  We are therefore thinking that we need to find an 
> individual ES expert who we can pay on an hourly basis to help us set up our 
> ES cluster and learn how it works and how to maintain it.
> 
> If anyone reading this fits this description, or knows of some other person 
> or organization that does, please contact me at elastic <<>> filethis 
> <<>> c0m.  If you're offering your services directly, please let me know 
> as much as you can about your experience with ES, including the number of 
> years you've worked with it and the sizes of the clusters you've worked with.
> 
> TIA for all help!
> 
> Steve
> 
> 
> -- 
> You received this message because you are subscribed to a topic in the Google 
> Groups "elasticsearch" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/elasticsearch/T4QQ2t23uAw/unsubscribe 
> .
> To unsubscribe from this group and all its topics, send an email to 
> elasticsearch+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/elasticsearch/9ca23652-8eec-445c-945d-49eb82388499%40googlegroups.com
>  
> .
> For more options, visit https://groups.google.com/d/optout 
> .

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/AD545C15-0FC1-4DBA-B3A5-1C8753353F84%40filethis.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[Itamar Syn-Hershko]

If the indexes have been already created you will have to be creative to
find those fields that need updating - not familiar with a plugin that can
do that. A simple client side tool that will grab all mappings from the
/_mapping endpoint, change it and send it back should do

For indexes that weren't created yet you can use index templates

--

Itamar Syn-Hershko
http://code972.com | @synhershko 
Freelance Developer & Consultant
Lucene.NET committer and PMC member

On Sat, Feb 7, 2015 at 10:04 PM, Joel Baranick  wrote:

> Got it. What I was hoping for would be a way to force doc_values to be the
> only way for fielddata to be stored for all mapping a in the entire cluster
> without having to update each index. Could this be done with a plugin?
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/67ce9351-f37a-40aa-ad04-c5328140d6fd%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zv6pffNZ2nZJMm0ew%2BPeaVX2GaNRoQdSHRXYD-x_T%2BARA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Force search on a local node?

[Greg Totsline]

Itamar - perfect, thanks very much!

On Sat, Feb 7, 2015 at 3:03 PM, Itamar Syn-Hershko 
wrote:

>
> http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-preference.html
>
> --
>
> Itamar Syn-Hershko
> http://code972.com | @synhershko 
> Freelance Developer & Consultant
> Lucene.NET committer and PMC member
>
> On Sat, Feb 7, 2015 at 9:15 PM, codemasterg  wrote:
>
>> Hi -
>>
>> I am new to Elasticsearch and have what I hope is a basic question for a
>> simple configuration.  Assume I have 3 node cluster with a single index and:
>>
>>   - 1 primary shard
>>   - 2 replicas of the primary shard
>>
>> The majority of requests will be searches with relatively few index
>> updates.
>>
>> All requests are distributed by a network load balancer across the three
>> nodes.  Since each node has a copy of the index and the requests are being
>> spread across the cluster  by the network load balancer, my intuition is
>> that a local search (i.e. execute a search on the node that received the
>> request) will perform best.  In other words, I do not want Elasticsearch to
>> round-robin each search request from the node received to another node; I
>> want the node that received the request to search its local copy of the
>> index.
>>
>> My question: Is there a way for make Elasticsearch search against only
>> the shard on the node received (and avoid a network hop to another shard)?
>>
>> Thanks very much.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/b4289cc5-7981-443f-a26c-569b271cda3a%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "elasticsearch" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/elasticsearch/eDk_zSFZArk/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zvqw8CnzAYfMg7-zGnv-4tQ2izPAi8Bo1z8xDyHao7jHQ%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CA%2BJa1jbP%2Bn4pKeYCce4e6Om%3DhvkSqP%3DZRx07JHQj1Frec0snhg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[Joel Baranick]

Got it. What I was hoping for would be a way to force doc_values to be the only 
way for fielddata to be stored for all mapping a in the entire cluster without 
having to update each index. Could this be done with a plugin?

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/67ce9351-f37a-40aa-ad04-c5328140d6fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Force search on a local node?

[Itamar Syn-Hershko]

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-preference.html

--

Itamar Syn-Hershko
http://code972.com | @synhershko 
Freelance Developer & Consultant
Lucene.NET committer and PMC member

On Sat, Feb 7, 2015 at 9:15 PM, codemasterg  wrote:

> Hi -
>
> I am new to Elasticsearch and have what I hope is a basic question for a
> simple configuration.  Assume I have 3 node cluster with a single index and:
>
>   - 1 primary shard
>   - 2 replicas of the primary shard
>
> The majority of requests will be searches with relatively few index
> updates.
>
> All requests are distributed by a network load balancer across the three
> nodes.  Since each node has a copy of the index and the requests are being
> spread across the cluster  by the network load balancer, my intuition is
> that a local search (i.e. execute a search on the node that received the
> request) will perform best.  In other words, I do not want Elasticsearch to
> round-robin each search request from the node received to another node; I
> want the node that received the request to search its local copy of the
> index.
>
> My question: Is there a way for make Elasticsearch search against only the
> shard on the node received (and avoid a network hop to another shard)?
>
> Thanks very much.
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/b4289cc5-7981-443f-a26c-569b271cda3a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zvqw8CnzAYfMg7-zGnv-4tQ2izPAi8Bo1z8xDyHao7jHQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Doc Values

[Itamar Syn-Hershko]

You can update mappings cluster-wide (just post the mapping definition to
server:9200/*), but you will need to specify the field names explicitly

--

Itamar Syn-Hershko
http://code972.com | @synhershko 
Freelance Developer & Consultant
Lucene.NET committer and PMC member

On Sat, Feb 7, 2015 at 9:30 PM, Joel Baranick  wrote:

> Is there a way to turn doc_values on cluster wide and override any index
> specific settings?
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/0f54a59e-7490-4c63-b223-6371fa49719a%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zu7aZudsPYCaMLTJGtngn9%2B3h7qny%2B4fYzksf%3DVrUmEEg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Doc Values Cluster Wide

[Joel Baranick]

Is there a way to turn doc_values on cluster wide and override any index 
specific settings?

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/59875c68-da78-439d-9c55-9cbcbc884725%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Doc Values

[Joel Baranick]

Is there a way to turn doc_values on cluster wide and override any index 
specific settings?

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/0f54a59e-7490-4c63-b223-6371fa49719a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Force search on a local node?

[codemasterg]

Hi -

I am new to Elasticsearch and have what I hope is a basic question for a 
simple configuration.  Assume I have 3 node cluster with a single index and:

  - 1 primary shard
  - 2 replicas of the primary shard

The majority of requests will be searches with relatively few index updates.

All requests are distributed by a network load balancer across the three 
nodes.  Since each node has a copy of the index and the requests are being 
spread across the cluster  by the network load balancer, my intuition is 
that a local search (i.e. execute a search on the node that received the 
request) will perform best.  In other words, I do not want Elasticsearch to 
round-robin each search request from the node received to another node; I 
want the node that received the request to search its local copy of the 
index.

My question: Is there a way for make Elasticsearch search against only the 
shard on the node received (and avoid a network hop to another shard)?

Thanks very much.

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/b4289cc5-7981-443f-a26c-569b271cda3a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hot to use elasticsearch and d3 worcloud by jasondavies together?

[Mohd Syafiq]

hi guys , 

 do you guys know how to use them together ?
any example will be appreciated... 

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/9484e071-3e8c-4c9d-b7b7-939e6d59e9d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Filter by _version and show _version in elasticsearch query

[es5z]

How can I filter by the `_version` field in elasticsearch? I tried to run 
the following query (using YAML instead of JSON) to get documents with 
_version greater than or equal to 4, but nothing is getting returned even 
though the document definitely has documents with that version number.

query:
filtered:
filter:
range:
_version:
gte: 4

I know `_version` is working because in general I can do aggregations on it 
like

aggs:
versions:
terms:
field: _version

Also how can I get `_version` to appear in the list of fields? I try the 
following but only the `name` field is shown, not version.

fields:
- name
- _version

I haven't done anything in my mapping regarding _version, do I need to 
customize it's mapping in some way before I can filter or display it?

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/16d20efb-3967-43f8-a860-b694d70ef4ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Paid help with ES/ELK?

[es5z]

I'm wondering the same thing actually. Have you tried freelancer websites 
like elance and the others?

On Friday, February 6, 2015 at 8:22:27 PM UTC+1, Steve Johnson wrote:
>
> I hope a posting like this is not taboo in this forum...
>
> We are struggling to understand how to properly configure an ELK stack for 
> our production environment.  We think we have things set up pretty much 
> right, and then ES throws us a curve ball.  We've had a couple of things 
> happen over the last few days that are simply baffling to us.  We've decide 
> we need the help of someone who really knows ES.
>
> Support companies all seem to want to sell only long-term contracts. We 
> need short-term help.  We are therefore thinking that we need to find an 
> individual ES expert who we can pay on an hourly basis to help us set up 
> our ES cluster and learn how it works and how to maintain it.
>
> If anyone reading this fits this description, or knows of some other 
> person or organization that does, please contact me at elastic <<>> 
> filethis <<>> c0m.  If you're offering your services directly, please 
> let me know as much as you can about your experience with ES, including the 
> number of years you've worked with it and the sizes of the clusters you've 
> worked with.
>
> TIA for all help!
>
> Steve
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/9ca23652-8eec-445c-945d-49eb82388499%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.