Elastic Docs Integrations Developer Guide Build an integration
« Edit ingest pipelines Create and export dashboards »

Edit field mappingsedit

Ingest pipelines create fields in an Elasticsearch index, but don’t define the fields themselves. Instead, each field requires a defined data type or mapping.

Mapping is the process of defining how a document, and the fields it contains, are stored and indexed. Each document is a collection of fields, each having its own data type. When mapping your data, create a mapping definition containing a list of fields pertinent to the document. A mapping definition also includes metadata fields, like the _source field, which customize how the associated metadata of a document is handled.

To learn more, see mapping.

Mappings are defined in the fields directory. Like ingest pipelines, mappings only apply to the parent data stream. The Apache integration has four different field definitions:

apache
└───data_stream
│   └───access
│   │   └───elasticsearch/ingest_pipeline
│   │   │      default.yml
│   │   └───fields
│   │          agent.yml 
│   │          base-fields.yml 
│   │          ecs.yml 
│   │          fields.yml 
│   └───error
│   └───status

agent.yml fields the Elastic agent uses

base-fields.yml never changes and is required for all integrations

Defines the relevant ECS fields

Custom Apache access log fields
« Edit ingest pipelines Create and export dashboards »