ElasticSearch fields prefixed with "@"

Question

ElasticSearch fields prefixed with "@"

I see a lot of fields in examples that look like @timestamp, @nameetc.

What does it mean? Does it make any changes or is it some kind of convention? This is difficult for Google, and I did not find a link to the document.

Here is an example: https://gist.github.com/deverton/2970285

        ...
        "properties" : {
            "@fields": { "type": "object", "dynamic": true, "path": "full" }, 
            "@message" : { "type" : "string", "index" : "analyzed" },
            "@source" : { "type" : "string", "index" : "not_analyzed" },
            "@source_host" : { "type" : "string", "index" : "not_analyzed" },
            "@source_path" : { "type" : "string", "index" : "not_analyzed" },
            "@tags": { "type": "string", "index" : "not_analyzed" }, 
            "@timestamp" : { "type" : "date", "index" : "not_analyzed" },
            "@type" : { "type" : "string", "index" : "not_analyzed" }
        }
        ...

+4

elasticsearch

Masterscrat Feb 28 '14 at 7:36

source share

1 answer

Akshay · Accepted Answer · 2014-02-28T09:12:28+0000

These settings do not affect anything. They are the standardized logstash fields that are used, so you can easily report logs coming from multiple sources.

This is just an agreement on obsolete magazines, not a relay agreement.

ElasticSearch fields prefixed with "@"

More articles: