how to change the type of docker log field to elasticsearch

[dengqinghua]

Hi!

I use fluentd-k8s-es7 to collect k8s logs, the log in the es showed below

And if I query by "MEDIA_FINISH", it found nothing.

Then I check the type of log field, I found the the log type is keyword, instead of text like the message field

I don't know what cause this.

I tried delete the logstash index, it automatically create a new index with the same mapping. And I checked the config, still get no clue

How can I change the type of log field from keyword to text?

PS: I don't wanna use the method below to change index type...

1. Create a new index with the correct mapping info where the field type is changed to your desired type.
2. Re-index the data from your old index to the new index.
3. Remove the old index

maybe there is a simple way?

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days

[github-actions[bot]]

This issue was automatically closed because of stale in 30 days