WARNING: The 2.x versions of Elasticsearch have passed their EOL dates. If you are running a 2.x version, we strongly advise you to upgrade.
This documentation is no longer maintained and may be removed. For the latest information, see the current Elasticsearch documentation.
Although you can add new types to an index, or add new fields to a type, you can’t add new analyzers or make changes to existing fields. If you were to do so, the data that had already been indexed would be incorrect and your searches would no longer work as expected.
The simplest way to apply these changes to your existing data is to reindex: create a new index with the new settings and copy all of your documents from the old index to the new index.
One of the advantages of the
_source field is that you already have the
whole document available to you in Elasticsearch itself. You don’t have to
rebuild your index from the database, which is usually much slower.
To reindex all of the documents from the old index efficiently, use
scroll to retrieve batches of documents from the old index,
bulk API to push them into the new index.
Intro to Kibana
ELK for Logs & Metrics