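You have to create a data stream template first. Make sure to declare the mapping properties for your fields. Here is a sample (note that `ignore_malformed` on `client_ip` means a malformed address is not indexed for that field, although the rest of the document still is, so searches on `client_ip` will not match such a document):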
PUT _index_template/logs-template
{ "index_patterns":[ "logs-*", "logs-sql" ], "data_stream":{ "timestamp_field":{ "name":"timestamp" } }, "priority":200, "template":{ "settings":{ "number_of_shards":1, "number_of_replicas":1 }, "mappings":{ "properties":{ "timestamp":{ "type":"date", "format":"yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis||yyyy-MM-dd HH:mm:ss 'UTC'" }, "db":{ "type":"text", "fields":{ "keyword":{ "type":"keyword", "ignore_above":256 } } }, "duration":{ "type":"float" }, "client_ip":{ "type":"ip", "ignore_malformed":true }, "app":{ "type":"text", "fields":{ "keyword":{ "type":"keyword", "ignore_above":256 } } }, "sql":{ "type":"text" }, "raw":{ "type":"text" } } } } }
Now, create the data stream:
PUT _data_stream/logs-sql
Get the data stream information:
GET _data_stream/logs-sql
GET _cat/indices