My hostnames are something like "companyname-instancename".
When the logs get sent to logstash and then stored in elasticsearch, they seem to get split up at the "-".
How can I prevent this in logstash? Do I have to change the hosts field?
Asked
Active
Viewed 537 times
0
-
Can you supply an example record? – ZekeTheGeek Feb 12 '14 at 22:02
-
Can you provide your configuration? Or please explain your problem more clearly. Thank you. – Ban-Chuan Lim Feb 13 '14 at 02:24
1 Answers
0
Elasticsearch, being a text search engine, is analyzing the data for you and making tokens out of it.
You need to set the field to be not_analyzed to prevent this. Since everyone hits this "problem", logstash will make a ".raw" version of the field for you, e.g. myField.raw.
Alain Collins
- 16,268
- 2
- 32
- 55