# curl -XPUT http://localhost:9200/logstash_log -d '{ "mappings": { "log": { "properties": { "@timestamp": { "type": "date", "format": "strict_date_optional_time||epoch_millis" }, "message": { "type": "string" }, "host": { "type": "ip" }, "name": { "type": "string", "index": "not_analyzed" }, "type": { "type": "string" } } } }}'尽管看起来好像是从logstash创建每日索引,但最好还是创建一个模板。将以下内容存储在里面
index_template.json
{ "template": "logstash-*", "mappings": { "log": { "properties": { "@timestamp": { "type": "date", "format": "strict_date_optional_time||epoch_millis" }, "message": { "type": "string" }, "host": { "type": "ip" }, "name": { "type": "string", "index": "not_analyzed" }, "type": { "type": "string" } } } }}然后像这样修改您的logstash配置:
output { elasticsearch { hosts => localhost index => "logstash_log-%{+YYYY.MM.dd}" manage_template => true template_name => "logstash" template => "/path/to/index_template.json" template_overwrite => true}欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)