{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 可以哭但决不认输i 的问题《Replacing a dot in an field name》','https://www.manongdao.com/q-903059.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Good morning,
Working on upgrading to the lastest version of the ELK stack and running into an issue with the field mapping. I have something similar to the following in my raw data:
{
"_index" : "logstash-2016.04.21",
"level1" : {
"level2" : {
"1" : "somevalue",
"1.1" : "somevalue1"
}
}
}
And as we all know elasticsearch 2.X does not like dots (.) in field names, messes up the dot-notation. So as a total newbie to elasticsearch, I have not been able to find a way, or search the right terms, to find a way to fix this using mappings or analyzers or 'something i do not yet know about'. I am hoping the community here can help me find a way to fix this so I can re-index all of my current indexes as well as mapping it for future indexes.
Currently on ES version 1.7, running on debian
Thank you, Mike
If you can't fix the input, logstash has a de_dot filter for this purpose.