To understand Elasticsearch Mappings you can read the article here.
There are two ways you can view the current mappings on your Logit ELK Stacks.
One way is to use dev tools in Kibana. You can access Kibana from any of your dashboards by choosing from your dashboard Stack settings > Access Kibana.
Once Kibana has opened you need to choose Dev Tools in the left hand menu.
In the console section of the screen we are going to enter the following command.
You should get an output similar to that of the screenshot below. Here you can see all the mappings currently used on the Elasticsearch server.
You can also search for a specific mapping of an Index name. For example if we wanted to see the mappings for the a Filebeat index name we can run the following to return only the desired mappings.
You can also search for the specific mappings of an index name. First we will get get the names of our indices and then secondly we will use index name to view the indices mappings.
First run the following.
This should give an output similar to the below screenshot:
From here we can then choose an index-name from the third column of information. For this example I have chosen the index-name filebeat-2019.05.17.
We can now use this to get the mappings by running the following command in Kibana Deb Tools.
This will give an output similar to the screenshot below:
The second way to review the mappings currently in use is to use the mapping API. To do this you will need your Elasticsearch endpoint address and your ApiKey. These can be accessed from your dashboard by choosing
Stack Settings > Elasticsearch.
The next step is to write a a curl -x get command to retrieve the mappings from Elasticsearch.
curl -X GET your-elasticsearch-endpoint-address-es.logit.io/_all/_mapping?your-api-key&pretty
You will be returned with a json output similar to the below screenshot.
Similar to Kibana Dev Tools you can also use the Mapping API to retrieve the mappings of a specific index-name.
To do so you will need to know the name of the index, so first we need retrieve the names of our indices by running the following command.
curl -X GET your-elasticsearch-endpoint-address-es.logit.io/_cat/indices?your-api-key&pretty
Once the command has been run you will get an output similar to the screenshot below:
Now we can select the index-name from the third column of information and use it to retrieve the mappings. So again in the below example I have used the index-name of filebeat-2019.05.17.
curl -X GET your-elasticsearch-endpoint-address-es.logit.io/filebeat-2019.05.17/_mapping?your-api-key&pretty
This will return an output similar to that of the below screenshot: