The only working way is to specify the * for index pattern.
{
“template”: “*”,
“settings”: {
“index.mapping.total_fields.limit”: 2000
},
“mappings”: {
“properties”: {
“app_time”: {
“type”: “date”,
“format”: “yyyy-MM-dd’T’HH:mm:ssZZZZZ”
}
}
}
}
I can advise, but you aren’t clear on what you actually want… so I am not 100% sure of what you are trying to accomplish… I am guessing that you want to create custom templates for two indexes, one starting with gc-prod and the other starting with dfa_ but it’s not working unless you wildcard the whole index name?
If so, you can use the asterisk "*" to cover the rest of the template name so it would look like this:
Notice how I used the forum tools (like: </> ) to make the code look nice and I indented for readability? These things, and being more specific about what you are trying to accomplish make it easier for the person who is trying to help you in their free time…
Hi @tmacgbay, thank you for reply and your advice. Yes you’ve understood right, I want to create custom template for two indexes gc-prod-* and dfa_*. I’ve tried the method you advised earlier and it didn’t work.
If I check what I’ve applied it shows:
curl -X GET ‘http://localhost:9200/_template/graylog-custom-mapping?pretty’
is missing. The only way I’ve found to apply this is to put all the mappings and settings in one template for all indexes with index pattern “*”. But this way I think is to dirty, so that is why I ask if there is one other way to do that.
Try putting them in as separate custom mappings, or really separate custom mapping files that you apply. Where the file names are gl_custom_gc-prod.json and gl_custom_dfa.json
curl -X PUT -H 'Content-Type: application/json' -d @'gl_custom_gc-prod.json' 'http://elstc-main:9200/_template/gl_custom_gc-prod?pretty
curl -X PUT -H 'Content-Type: application/json' -d @'gl_custom_dfa.json' 'http://elstc-main:9200/_template/gl_custom_dfa?pretty
Just be sure to keep track of the customizations you put in. You can always query them but it’s better to document!
