Update Elasticsearch Templates to Work with Elasticsearch 5.x
To update your existing Elasticsearch templates, perform the following steps:
index* to get all indexes for the provided sensor:
export ELASTICSEARCH="node1"
export SENSOR="bro"
curl -XGET "http://${ELASTICSEARCH}:9200/_template/${SENSOR}_index*?pretty=true" -o "${SENSOR}.template"
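# Strip the wrapper: delete line 2 (the template-name key) and the final line (its extra closing brace)
sed -i '' '2d;$d' ./${SENSOR}.template
# Append a nested "alert" field after each '"properties" : {' line
sed -i '' '/"properties" : {/ a\
"alert": { "type": "nested"},' ${SENSOR}.template
# Confirm the edited file is still valid JSON before uploading it
python -m json.tool "${SENSOR}.template"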
curl -XPUT "http://${ELASTICSEARCH}:9200/_template/${SENSOR}_index" -d @${SENSOR}.template
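
The sed edits above use BSD sed syntax (`sed -i ''`) and match on the exact spacing of `"properties" : {`. The following is an added example, not code from the original page, that performs the same unwrap-and-add-alert step by parsing the JSON in Python. The helper name `upgrade_template` and the sample mapping are constructed for illustration, and unlike the sed version it adds the field only to the top-level `properties` of each mapping type.

```python
import json
import sys

# Constructed sample of a GET /_template/bro_index*?pretty=true response.
SAMPLE_RESPONSE = """{
  "bro_index" : {
    "template" : "bro_index*",
    "mappings" : {
      "bro_doc" : {
        "properties" : {
          "timestamp" : { "type" : "date", "format" : "epoch_millis" },
          "ip_src_addr" : { "type" : "ip" }
        }
      }
    }
  }
}"""


def upgrade_template(response_text, sensor):
    """Unwrap the GET response and add a nested "alert" field (hypothetical helper)."""
    wrapped = json.loads(response_text)
    name = f"{sensor}_index"
    # The wildcard GET can return several templates; take only the one we will PUT.
    if name not in wrapped:
        raise KeyError(f"{name} not in response (got: {sorted(wrapped)})")
    template = wrapped[name]
    for mapping in template.get("mappings", {}).values():
        # setdefault keeps an existing "alert" mapping, so re-running is harmless.
        mapping.setdefault("properties", {}).setdefault("alert", {"type": "nested"})
    return template


if __name__ == "__main__":
    # Usage: python upgrade_template.py bro bro.template  (rewrites the file in place)
    if len(sys.argv) == 3:
        sensor, path = sys.argv[1], sys.argv[2]
        with open(path) as fh:
            body = upgrade_template(fh.read(), sensor)
        with open(path, "w") as fh:
            json.dump(body, fh, indent=2)
    else:
        print(json.dumps(upgrade_template(SAMPLE_RESPONSE, "bro"), indent=2))
```

Run against the file saved by the GET request, this replaces the two sed commands; the resulting file is what the PUT request uploads.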