_doc is a mapping type, which by the way is now deprecated. A mapping type used to be a separate collection inside the same index. E.g. a twitter index could have a mapping of type user for storing all users, and a mapping of type tweet to store all tweets. Both of these types still … Read more
For that requirement to be achieved, you need to look at nested objects, not to query a flattened list of values but individual values from that nested object. For example: { “mappings”: { “people”: { “properties”: { “name”: { “type”: “string” }, “quotations”: { “type”: “nested”, “properties”: { “value”: { “type”: “string” } } } … Read more
You need to define a mapping using Put Mapping API. curl -XPUT ‘http://localhost:9200/twitter/_doc/_mapping’ -H ‘Content-Type: application/json’ -d ‘ { “_doc” : { “properties” : { “message” : {“type” : “text”, “store” : true} } } } ‘ A date can be defined as follow: curl -XPUT ‘http://localhost:9200/twitter/_doc/_mapping’ -H ‘Content-Type: application/json’ -d ‘ { “_doc” : … Read more
In Elasticsearch, there is no dedicated array type. Any field can contain zero or more values by default, however, all values in the array must be of the same datatype. So you don’t have to specify anything specific in the mapping to store an array of values. For more information look at: https://www.elastic.co/guide/en/elasticsearch/reference/current/array.html
Re-indexing means to read the data, delete the data in elasticsearch and ingest the data again. There is no such thing like “change the mapping of existing data in place.” All the re-indexing tools you mentioned are just wrappers around read->delete->ingest. You can always adjust the mapping for new indices and add fields later. All … Read more
just open file with sudo nano /etc/elasticsearch/elasticsearch.yml and replace this setting with false # Enable security features xpack.security.enabled: false
You could use the update by query plugin in order to do just that. The idea is to select all document without a category and whose url matches a certain string and add the category you wish. curl -XPOST ‘localhost:9200/webproxylog/_update_by_query’ -H “Content-Type: application/json” -d ‘ { “query”: { “filtered”: { “filter”: { “bool”: { “must”: … Read more
As wuxiwei said, Sense was renamed to Console and it is already available on Kibana 5.*. In Kibana, just click on Dev Tools:
Curator would be an ideal match here. You can find the link here – https://github.com/elastic/curator A command like below should work just fine – curator –host <IP> delete indices –older-than 30 –prefix “twitter-” –time-unit days –timestring ‘%Y-%m-%d’ You can keep in this in the CRON for removing the indices occasionally. You can find some examples … Read more
I’ve had a similar problem. I wanted to create a docker container with preloaded data (via some scripts and json files in the repo). The data inside elasticsearch was not going to change during the execution and I wanted as few build steps as possible (ideally only docker-compose up -d). One option would be to … Read more