Movatterモバイル変換

[0]ホーム
URL:

Loading
  1. Elastic Docs/
  2. Solutions and use cases/
  3. Observability solution/
  4. Logs

Logs index template reference

Index templates are used to configure the backing indices of data streams as they’re created. These index templates are composed of multiplecomponent templates—reusable building blocks that configure index mappings, settings, and aliases.

You can view the defaultlogs index template in Kibana. To openIndex Management, find it in the navigation menu or use theglobal search field. SelectIndex Templates and search forlogs. Select thelogs index templates to view relevant component templates.

Refer toDefault log component templates for details on the mappings, settings, and pipelines included by default.

The defaultlogs index template for thelogs-*-* index pattern is composed of the following component templates:

  • logs@mappings
  • logs@settings
  • logs@custom
  • ecs@mappings

You can use thelogs@custom component template to customize your Elasticsearch indices. Thelogs@custom component template is not installed by default, but you can create a component template namedlogs@custom to override and extend default mappings or settings. To do this:

  1. To openIndex Management, find it in the navigation menu or use theglobal search field.
  2. SelectComponent Templates.
  3. ClickCreate component template.
  4. Name the component templatelogs@custom.
  5. Add any custom metadata, index settings, or mappings.

Changes to component templates are not applied retroactively to existing indices. For changes to take effect, create a new write index for impacted data streams by triggering a rollover. Do this using the ElasticsearchRollover API. For example, to roll over thelogs-generic-default data stream, run:

POST /logs-generic-default/_rollover/

Thelogs index template usesdefault_field: [*] meaning queries without specified fields will search across all fields. You can update thedefault_field to search in themessage field instead of all fields using thelogs@custom component template.

If you haven’t already created thelogs@custom component template, create it as outlined in the previous section. Then, follow these steps to update theIndex settings of the component template:

  1. To openIndex Management, find it in the navigation menu or use theglobal search field.

  2. SelectComponent Templates.

  3. Search forlogs and find thelogs@custom component template.

  4. Open theActions menu and selectEdit.

  5. SelectIndex settings and add the following code:

    {  "index": {    "query": {      "default_field": [        "message"      ]    }  }}

  6. ClickNext through to theReview page and save the component template.

[8]ページ先頭
©2009-2026 Movatter.jp