谁能给我一个template demo啊

最近在搞logstash,但是好多数值类型到es里,就变成String了,官方文档对于template的描述太少,网上也试了几个模板,都没有把数值类型解析出来。

谁能给我一个模板啊,跪求
已邀请:

lendo

赞同来自: Rubricate medcl

索引都以“index_”开头,我是按月份分了索引,类似于index_01,index_02等,log_s,logs_i,log_ic分别是三个类型。文件名:index.json。

{
"index": {
"template": "index_*",
"settings": {
"index.number_of_shards" : 5,
"number_of_replicas" : 0
},
"mappings": {
"log_s": {
"_ttl": {"enabled": true, "default": "1d"},
"properties": {
"mibId": {
"type": "integer",
"index": "not_analyzed"
},
"deviceId": {
"type": "integer",
"index": "not_analyzed"
},
"schemaId": {
"type": "integer",
"index": "not_analyzed"
},
"pollTime": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd HH:mm:ss.S||yyyy-MM-dd HH:mm:ss.SS||yyyy-MM-dd HH:mm:ss.SSS||yyyy-MM-dd HH:mm:ss.SSSS||yyyy-MM-dd HH:mm:ss.SSSSS||yyyy-MM-dd HH:mm:ss.SSSSSS||yyyy-MM-dd"
},
"value": {
"type": "string",
"index": "not_analyzed"
},
"valueLong": {
"type": "long",
"index": "not_analyzed"
}
}
},
"log_i": {
"_ttl": {"enabled": true, "default": "1d"},
"properties": {
"mibId": {
"type": "integer",
"index": "not_analyzed"
},
"deviceId": {
"type": "integer",
"index": "not_analyzed"
},
"schemaId": {
"type": "integer",
"index": "not_analyzed"
},
"ifId": {
"type": "integer",
"index": "not_analyzed"
},
"ifIndex": {
"type": "integer",
"index": "not_analyzed"
},
"pollTime": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd HH:mm:ss.S||yyyy-MM-dd HH:mm:ss.SS||yyyy-MM-dd HH:mm:ss.SSS||yyyy-MM-dd HH:mm:ss.SSSS||yyyy-MM-dd HH:mm:ss.SSSSS||yyyy-MM-dd HH:mm:ss.SSSSSS||yyyy-MM-dd"
},
"value": {
"type": "string",
"index": "not_analyzed"
},
"valueLong": {
"type": "long",
"index": "not_analyzed"
}
}
},
"log_ic": {
"_ttl": {"enabled": true, "default": "1d"},
"properties": {
"mibId": {
"type": "integer",
"index": "not_analyzed"
},
"deviceId": {
"type": "integer",
"index": "not_analyzed"
},
"schemaId": {
"type": "integer",
"index": "not_analyzed"
},
"ifId": {
"type": "integer",
"index": "not_analyzed"
},
"ifIndex": {
"type": "integer",
"index": "not_analyzed"
},
"pollTime": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd HH:mm:ss.S||yyyy-MM-dd HH:mm:ss.SS||yyyy-MM-dd HH:mm:ss.SSS||yyyy-MM-dd HH:mm:ss.SSSS||yyyy-MM-dd HH:mm:ss.SSSSS||yyyy-MM-dd HH:mm:ss.SSSSSS||yyyy-MM-dd"
},
"value": {
"type": "string",
"index": "not_analyzed"
},
"valueLong": {
"type": "long",
"index": "not_analyzed"
}
}
}
}
}
}

三斗室 - ELK

赞同来自: Rubricate

为啥不在logstash里通过grok或者mutate过滤器预定义好数值类型呢?

要回复问题请先登录注册