Am Dienstag, 14. Februar 2017, 23:32:42 schrieb celtar: > Elasticsearch uses per default dynamic Mapping as described here > https://www.elastic.co/guide/en/elasticsearch/guide/2.x/dynamic-mapping.html >. > I can use different type of fix mapping e.g in Elasticsearch, maybe i use > Logstash or use the easy way in graylog (use an extractor as seen above).
A custom type mapping (http://docs.graylog.org/en/2.2/pages/configuration/elasticsearch.html#custom-index-mappings) is the more flexible solution than Logstash or Graylog extractors. After all agent is a field every client vendor messes around with. Alternatively, you can try changing searches. Terms with wildcards are lower- cased by default. The lowercase_expanded_terms parameter changes this behaviour (https://www.elastic.co/guide/en/elasticsearch/reference/2.4/query-dsl-query-string-query.html) and you can use the term *Googlebot*. The term *ooglebot* (without the capital G) should work with the default settings. Frank -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2738654.fgsd158Ryy%40studio.engler.invalid. For more options, visit https://groups.google.com/d/optout.
