Create an Elasticsearch index template
The starter dashboards require an index template with the following characteristics:
Applies to the index pattern
fuw-*
Maps string fields to the
keyword
data typeEnables data streams (note the
data_stream
object in the following sample)
Other characteristics of the index template are your choice.
Here is a starter index template for Transaction Analysis Workbench data:
PUT _index_template/fuw
{
"index_patterns": ["fuw-*"],
"template": {
"settings": {
"lifecycle": {
"name": "fuw-ilm-policy"
}
},
"mappings": {
"dynamic_templates": [ {
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
} ]
}
},
"data_stream": { }
}
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
In template.settings.lifecycle.name
, specify the name of the ILM policy that you want to use for Transaction Analysis Workbench data.
.raw
fields
No The index template maps all string fields to the keyword
data type rather than the default text
data type.
This mapping enables the starter dashboards to use the original field names for sorting and aggregation.
The starter dashboards do not need a separate .raw
version of string fields.
Number of replicas
The starter index template does not specify a value for number_of_replicas
.
Set the value of number_of_replicas
to match your Elastic environment. The default value is 1.
If you are using a single-node Elastic environment—for example, you are testing these dashboards in a small "sandbox" environment—then there will be no replicas. In that case, if you use the default value of 1, then Elastic will report health issues due to the missing replicas. To avoid those health issues in a single-node environment, consider setting the number of replicas to 0:
"template": {
"settings": {
"number_of_replicas": 0,
"lifecycle": {
"name": "fuw-ilm-policy"
}
},