How to stop logstash from creating a default mapping in ElasticSearch

Question

I am using logstash to feed logs into ElasticSearch. I am configuring logstash output as:

input {
file {
            path => \"/tmp/foo.log\"
            code         


        

Answer 1

logs in this case is the index_type. If you don't want to create it as logs, specify some other index_type on your elasticsearch element. Every record in elasticsearch is required to have an index and a type. Logstash defaults to logs if you haven't specified it.

There's always an implicit mapping created when you insert records into Elasticsearch, so you can't prevent it from being created. You can create the mapping yourself before you insert anything (via say a template mapping).

The setting manage_template of false just prevents it from creating the template mapping for the index you've specified. You can delete the existing template if it's already been created by using something like curl -XDELETE http://localhost:9200/_template/logstash?pretty