Take a look here if you want to put the mapping in the file system. You have to go to the config folder and create a folder here called mappings , and another one with the name of the index inside mappings . Since logstash creates the default index per day, you'd better use the _default name for this folder so that the mapping applies to all indexes. The file created in this folder must have the name of the type to which you want to apply the mapping. I donβt remember exactly what type of logstash uses, so I would use the _default_ mapping definition. Just call the _default_.json file and put the following contents into it:
{ "_default_" : { "_ttl" : { "enabled" : true } } }
As you can see, the type name should be displayed both in the file name and in its contents.
Otherwise, you may not put files on the file system. You can create an index template containing your custom mapping, for example the following:
{ "template" : "logstash-*", "mappings" : { "_default_" : { "_ttl" : { "enabled" : true } } } }
The mapping will then be applied to all indices whose name matches the template template. If you use the _default_ mapping definition, the mapping will be the default for all types to be created.
javanna
source share