Hello,
this question has the same root cause as: Graylog rewriting "index template" in Elasticsearch
i put in a template for an index set, and once it rotates to the new index set, having the new values i put in the template, the template gets overwritten.
sure i can do a daily cronjob to put in templates, but there has to be a nicer place to fix that ?
thanks !
Hello,
I think it’s because you are using the default graylog-internal template.
Create another new template with another name and it won’t be overwritten.
Hello, thanks for the reply, no its not the default, i put in index fields 2500:
root@graylog1:~# curl -X PUT -d @‘graysit_custom_template.json’ -H ‘Content-Type: application/json’ ‘http://localhost:9200/_template/win-template?pretty’
{
“acknowledged” : true
}
root@graylog1:~# curl -XGET ‘http://localhost:9200/_template/win-template’
{“win-template”:{“order”:-1,“index_patterns”:[“win_"],“settings”:{“index”:{“analysis”:{“analyzer”:{“analyzer_keyword”:{“filter”:“lowercase”,“tokenizer”:“keyword”}}},“mapping”:{“total_fields”:{“limit”:“2500”}}}},“mappings”:{"source":{“enabled”:true},“dynamic_templates”:[{“internal_fields”:{“mapping”:{“type”:“keyword”},“match_mapping_type”:“string”,“match”:"gl2”}},{“store_generic”:{“mapping”:{“type”:“keyword”},“match_mapping_type”:“string”}}],“properties”:{“gl2_processing_timestamp”:{“format”:“uuuu-MM-dd HH:mm:ss.SSS”,“type”:“date”},“gl2_accounted_message_size”:{“type”:“long”},“gl2_receive_timestamp”:{“format”:“uuuu-MM-dd HH:mm:ss.SSS”,“type”:“date”},“full_message”:{“fielddata”:false,“analyzer”:“standard”,“type”:“text”},“streams”:{“type”:“keyword”},“source”:{“fielddata”:true,“analyzer”:“analyzer_keyword”,“type”:“text”},“message”:{“fielddata”:false,“analyzer”:“standard”,“type”:“text”},“timestamp”:{“format”:“uuuu-MM-dd HH:mm:ss.SSS”,“type”:“date”}}},“aliases”:{}}}root@graylog1:~#
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
