Hey there! Let’s walk through exactly how to handle Elasticsearch mappings and that template code you shared, tailored to your network packet analysis setup with Packetbeat, Metricbeat, and Filebeat on Ubuntu 16 x64.

First: What That Code Is #

The snippet you posted is an Elasticsearch index template. Templates let you define mappings (and other settings) that automatically get applied to any new indexes matching a pattern (like the packetbeat-* indexes Packetbeat creates). This ensures your fields (like title, age, created) have the correct data types from day one—no more letting Elasticsearch guess, which can cause headaches later when analyzing packet data.

Where to Run the Command #

You’ve got two straightforward options to execute that PUT request, depending on your workflow:

1. Using curl in the Ubuntu Terminal #

If you prefer the command line or don’t have Kibana set up yet, curl is the way to go. Just run this command (replace localhost:9200 with your Elasticsearch node’s address if it’s not local):

curl -X PUT "localhost:9200/_template/packets" \
  -H 'Content-Type: application/json' \
  -d '{
    "mappings": {
      "doc": {
        "properties": {
          "title": { "type": "text" },
          "name": { "type": "text" },
          "age": { "type": "integer" },
          "created": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          }
        }
      }
    }
  }'

You’ll get a {"acknowledged":true} response if it worked successfully.

2. Using Kibana Dev Tools (Easier for Visual Editing) #

Since you’re following an Elastic blog tutorial focused on Kibana, you probably have it deployed. Dev Tools is a built-in interface that makes running Elasticsearch commands intuitive:

• Open Kibana in your browser (typically http://localhost:5601)
• Click "Dev Tools" in the left sidebar
• Paste your exact code into the left pane:

  PUT _template/packets 
  { 
    "mappings": { 
      "doc": { 
        "properties": { 
          "title": { "type": "text" }, 
          "name": { "type": "text" }, 
          "age": { "type": "integer" }, 
          "created": { "type": "date", "format": "strict_date_optional_time||epoch_millis" } 
        } 
      } 
    } 
  }
  

• Hit the play button (▶️) to run it—you’ll see a success confirmation in the right pane.

Verifying It Worked #

To double-check the template is active and applied:

• Use this curl command to view the template details:

  curl -GET "localhost:9200/_template/packets"
  

• Or, after Packetbeat creates a new index, inspect its mappings:

  curl -GET "localhost:9200/packetbeat-*/_mapping"
  

You should see your defined field types (like integer for age, date for created) in the response.

Quick Tip for Your Packetbeat Workflow #

For network packet analysis, having correct field types is crucial. For example, the date type on created lets you filter and visualize packet traffic over time in Kibana—something you’ll rely on heavily for spotting trends or anomalies.

内容的提问来源于stack exchange，提问作者Manuel Flores