Problem specifying the ES mapping from Logstash
Anonymous | Posted on 2018-05-06 | Views: 4196
1. The Logstash configuration is as follows:
    output {
      elasticsearch {
        hosts => ["******:9200"]
        index => "admin-tmp-%{[index_name]}-%{+YYYY.MM.dd}"
        timeout => 300
        template => "/usr/local/logstash-6.2.4/admin-template.json"
        template_name => "mytest"
        manage_template => false
        template_overwrite => true
      }
      stdout {
        codec => rubydebug
      }
    }
2. The template configuration is as follows:
    {
      "template": "logstash-*",
      "version": 60001,
      "settings": {
        "index.refresh_interval": "5s",
        "number_of_shards": "2",
        "number_of_replicas": "1"
      },
      "mappings": {
        "_doc": {
          "dynamic_templates": [{
            "message_field": {
              "path_match": "message",
              "match_mapping_type": "string",
              "mapping": {
                "type": "text",
                "norms": false
              }
            }
          }, {
            "string_fields": {
              "match": "*",
              "match_mapping_type": "string",
              "mapping": {
                "type": "text",
                "norms": false,
                "fields": {
                  "keyword": {
                    "type": "keyword",
                    "ignore_above": 256
                  }
                }
              }
            }
          }],
          "properties": {
            "myport": {
              "type": "long"
            },
            "mid": {
              "type": "long"
            }
          }
        }
      }
    }
3. The log written is:
{"mid":"1234567890","myport":12345}
4. In the end, neither MID nor src_port changed:
"mid": { "type": "text", "fields": { "keyword": { "ignore_above": 256, "type": "keyword" } } },
"myport": { "type": "long" },
Could someone please tell me where I configured it wrong?
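A diagnostic sketch for the configuration in the question, added here as an example and not taken from the post or from the Logstash or Elasticsearch projects: it checks whether Logstash would install the template and whether the template's pattern matches the target index, then reports the field types that result. The index name (with `web` standing in for `index_name`), the function names, and the assumption that the template reaches Elasticsearch only through Logstash are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Settings and template reduced to the fields that matter; values are from the post.
OUTPUT = {"index": "admin-tmp-%{[index_name]}-%{+YYYY.MM.dd}", "manage_template": False}
TEMPLATE = {
    "template": "logstash-*",
    "mappings": {"_doc": {"properties": {"myport": {"type": "long"}, "mid": {"type": "long"}}}},
}
DOC = {"mid": "1234567890", "myport": 12345}
INDEX = "admin-tmp-web-2018.05.06"  # constructed: index_name "web" is an assumption


def dynamic_type(value):
    """Type that default dynamic mapping assigns to a JSON value."""
    if isinstance(value, bool):
        return "boolean"
    if isinstance(value, int):
        return "long"
    if isinstance(value, float):
        return "float"
    return "text"  # a JSON string becomes text with a keyword sub-field


def diagnose(output, template, index, doc):
    """Return (findings, field -> type) for one concrete index name.

    Assumes the template reaches Elasticsearch only through Logstash.
    """
    findings = []
    installed = output.get("manage_template", True)
    if not installed:
        findings.append("manage_template => false: Logstash does not upload the template")
    patterns = template.get("index_patterns") or template.get("template") or []
    if isinstance(patterns, str):
        patterns = [patterns]
    matched = any(fnmatchcase(index, p) for p in patterns)
    if not matched:
        findings.append(f"template pattern {patterns} does not match index {index}")
    declared = {}
    if installed and matched:
        for mapping in template.get("mappings", {}).values():
            declared.update(mapping.get("properties", {}))
    types = {f: declared.get(f, {}).get("type") or dynamic_type(v) for f, v in doc.items()}
    return findings, types


if __name__ == "__main__":
    for line in diagnose(OUTPUT, TEMPLATE, INDEX, DOC)[0]:
        print(line)
```

With `manage_template` enabled and a pattern such as `admin-tmp-*` (a constructed value), the same call reports `mid` as `long`.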
3 replies
kennywu76 - Wood
mikeylj
zqc0512 - andy zhou