z Open Data

Create an Elasticsearch index template

Already configured Elastic for ODP?

Before creating a new index template, check for an existing index template that matches the omegamon-* index pattern.

In Kibana, select Management ▶ Stack Management ▶ Data: Index Management ▶ Index Templates.

If a matching template exists, then rather than creating a new index template, ensure that the existing template matches the current required characteristics.

The starter dashboards require an index template with the following characteristics:

  • Applies to the index pattern omegamon-*

  • Maps string fields to the keyword data type

  • Enables data streams (note the data_stream object in the following sample)

Other characteristics of the index template are your choice.

Here is a starter index template for ODP data:

PUT _index_template/omegamon
{
  "index_patterns": ["omegamon-*"],
  "template": {
    "settings": {
      "number_of_replicas": 0,
      "lifecycle": {
        "name": "omegamon-ds-ilm-policy"
      }
    },
    "mappings": {
      "dynamic_templates": [ {
        "strings": {
          "match_mapping_type": "string",
          "mapping": {
            "type": "keyword"
          }
        }
      } ]
    }
  },
  "data_stream": { }
}





 

 















1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

Number of replicas

Set the value of number_of_replicas to match your Elastic environment.

In a single-node Elastic environment, set number_of_replicas to 0.

An Elastic environment can contain one or more running instances of Elasticsearch. Each instance is known as a node.

Production Elastic environments typically contain multiple nodes. Multi-node environments support resilience by distributing primary and replica shards of data across nodes.

The default value of number_of_replicas is 1, reflecting this support for resilience.

However, in a single-node environment, with a single running instance of Elasticsearch—such as a small "sandbox" for testing—there are no replicas.

WARNING

Neglecting to set number_of_replicas to 0 in a single-node Elastic environment causes problems:

  • "Yellow" health status of data streams and indices due to the missing replicas.
  • Index lifecycle management (ILM) policies do not delete indices. ILM policies wait for all shard copies (replicas) to be active before moving an index to the delete phase. In a single-node environment, if you don't set number_of_replicas to 0, ILM policies wait forever for the missing replicas.

Index lifecycle management policy

In template.settings.lifecycle.name, specify the name of the ILM policy that you want to use for ODP data.

No .raw fields

The index template maps all string fields to the keyword data type rather than the default text data type.

This mapping enables the starter dashboards to use the original field names for sorting and aggregation.

The starter dashboards do not need a separate .raw version of string fields.

Last Updated:
Contributors: Graham Hannington, David Dai, Viaceslavas Michalkevicius, ghannington