Kibana is not using the elasticsearch mapping

Question

I am using logstash/elasticsearch/kibana to keep some application logs under control. The application I am working on is custom development so I had to define my patterns/extra file and my own elasticsearch mapping.

The mapping I defined is:

{
    "http-logs": {
        "properties": {
            "message": {
                "type": "string",
                "index": "no"
            },
            "@version": {
                "type": "long"
            },
            "@timestamp": {
                "type": "date"
            },
            "command": {
                "type": "string",
                "index": "not_analyzed"
            },
            "type": {
                "type": "string",
                "index": "analyzed"
            },
            "facade-in": {
                "type": "string",
                "index": "not_analyzed"
            },
            "facade-out": {
                "type": "string",
                "index": "not_analyzed"
            },
            "elapsed": {
                "type": "integer"
            },
            "items": {
                "type": "integer"
            }
        }
    }
}

and once loaded on ES, I can see it defined as expected: ... "command" : { "type" : "string", "index" : "not_analyzed" }, ...

After loading my logs with logstash I am trying to visualize some data but playing aroud with my fields I am puzzled as kibana is saying that my command is analyzed....whereas it should not be.

What am I missing?

Thanks in advance for any help.

Answer 1

As already explained here logstash will not rely on your mapping if your documents are not matching it. Doublechecking my objects and my definition the differences caused the problem and cleaning my mapping/objects up did the trick.