logtrail
logtrail copied to clipboard
Published
20 hours ago •
sivasamyk
sivasamyk
Is it possible to use several mappings for the same index pattern?
Hello,
I'd like to have the option to see different mappings (based on grok pattern) for the same index pattern (without switching Settings index pattern button) . Please let me know if this is possible in the current version or you are planning to improve this going forward
....
....
{
"es": {
"default_index": "logstash-*"
},
"tail_interval_in_seconds": 10,
"es_index_time_offset_in_seconds": 0,
"display_timezone": "local",
"display_timestamp_format": "MMM DD HH:mm:ss",
"max_buckets": 500,
"default_time_range_in_days" : 0,
"max_hosts": 100,
"max_events_to_keep_in_viewer": 5000,
"default_search": "",
"fields" : {
"mapping" : {
"timestamp" : "@timestamp",
"message": "traefik_message",
"hostname": "kubernetes.container_name",
"display_timestamp": "traefik_timestamp"
},
"message_format": "{{{traefik_log_level}}} | {{{traefik_message}}}",
"mapping2" : {
"timestamp" : "@timestamp",
"message": "message",
"hostname": "kubernetes.container_name"
},
"message_format2": "{{{message}}}"
},
"color_mapping" : {
"field": "traefik_log_level",
"mapping": {
"error": "#FF0000",
"warn": "#FFEF96",
"debug": "#B5E7A0",
"info": "#CFE0E8"
}
}
Noticed that alias creation could help, but logtrail.json becomes a bit huge as I need to copy-paste all values ;)
curl -XPOST -u elastic:changeme 'localhost:9200/_aliases' -H 'Content-Type: application/json' -d'
{
"actions" : [
{ "add" : { "index" : "logstash-*", "alias" : "traefik" } }
]
}
'