Question
Following up on my previous question: ElasticSearch overriding mapping from text to object
I have an index template:
{
  "template" : "project.*",
  "order" : 100,
  "dynamic_templates": [
    {
      "message_field": {
        "mapping": {
          "type": "object"
        },
        "match": "message"
      },
      "message_properties": {
        "path_match": "message.*",
        "mapping": {
          "type": "string",
          "index": "not_analyzed"
        }
      }
    }
  ]
}
which basically creates new fields for everything under the "message" field. I am doing this because the "message" field is mapped as a string in another index template and I am overriding it.
Sample document:
{
  "level": "30",
  ...
  "kubernetes": {
    "container_name": "data-sync-server",
    "namespace_name": "alitest03",
    ...
  },
  "message": {
    "tag": "AUDIT",
    "requestId": 1234,
    ...
  },
}
...
}
This works fine, but it ends up creating top-level fields like "tag" and "requestId". I don't want to pollute the top level and would like to have fields like "audit.tag", "audit.requestId".
Tried using copy_to like this, but I don't see any "audit.*" fields:
{
  "template" : "project.*",
  "order" : 100,
  "dynamic_templates": [
    {
      "message_field": {
        "mapping": {
          "type": "object"
        },
        "match": "message"
      },
      "message_properties": {
        "path_match": "message.*",
        "mapping": {
          "type": "string",
          "index": "not_analyzed",
          "copy_to" : "audit.{name}"
        }
      }
    }
  ]
}
A sample search result when using the template above with copy_to is below. I don't see any "audit.*" fields.
{
  "timestamp": "October 15th 2018, 15:46:15.994",
  "_id": "YmI1NDRjMTgtZTY3Ni00ZGUxLTk2NDMtOTJhZjk3ZWU1YTJj",
  "_index": "project.alitestproj02.aa564e69-c643-11e8-af2a-fa163e4c9c9e.2018.10.15",
  "_score": "",
  "_type": "com.redhat.viaq.common",
  ...
  "kubernetes.container_name": "data-sync-server",
  "kubernetes.namespace_name": "alitestproj02",
  ...
  "message": "{\"level\":30,\"time\":1539607575994,\"pid\":19,\"hostname\":\"data-sync-server-6-pxcsm\",\"tag\":\"AUDIT\",\"msg\":\"\",\"requestId\":20355,\"operationType\":\"query\",\"parentTypeName\":\"Meme\",\"path\":\"allMemes.866.owner\",\"success\":true,\"parent\":{\"_type\":\"meme\",\"photourl\":\"photo472\",\"owner\":\"owner35\",\"likes\":0,\"_id\":\"zzEnLAQmQeuTC1mj\",\"createdAt\":\"2018-10-15T11:58:33.896Z\",\"updatedAt\":\"2018-10-15T11:58:33.896Z\",\"id\":\"zzEnLAQmQeuTC1mj\"},\"arguments\":{},\"dataSourceType\":\"InMemory\",\"v\":1}\n",
  "requestId": "20355",
  "tag": "AUDIT",
  ...
  "v": 1
}
Source: https://stackoverflow.com/questions/52836184/elasticsearch-copy-to-with-dynamic-template