Replace Default Index Mapping

Hi,

I’ve got a simple question: how do I replace the default Index Mapping with a custom one?
In this https://docs.graylog.org/en/3.3/pages/configuration/elasticsearch.html#custom-index-mappings document I don’t really understand how to do it. The type “keyword” doesn’t fit my needs. I need to change it into “winlogbeat_user_name”.

Thanks for any answers in advance.

Best regards,
beep

Those are two different things you are talking about there. Elasticsearch uses these data types, but “winlogbeat_user_name” is a field name applied to a data type of “keyword”, which by default sounds correct… Do you want to change the field name? That would be a pipeline rule attached to the stream using the rename_field() function. If it is the data type you want to change, that would be going from “keyword” to what?
