Attempting to analyze access logs in Elasticsearch 5.5.
I registered the template "access_log-template" to generate a daily index such as "access_log-2017.10.25", but the daily text is as follows.
Do you know the cause?
I use Fluentd for data registration.
· The agent field, set to keyword, becomes text+keyword
· The code field, set to long, becomes text+keyword
JSON for the registered template
{
  "template": "access_log-*",
  "mappings": {
    "access_log": {
      "_source": {"enabled": false},
      "properties": {
        "code": {"type": "long"},
        "agent": {"type": "keyword"}
      }
    }
  }
}
Mapping Information
{
  "access_log-template": {
    "mappings": {
      "access_log": {
        "_source": {
          "enabled": false
        },
        "properties": {
          "agent": {
            "type": "keyword"
          },
          "code": {
            "type": "long"
          }
        }
      }
    }
  },
  "access_log-2017.10.25": {
    "mappings": {
      "access_log": {
        "properties": {
          "@tag_key_name": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "@timestamp": {
            "type": "date"
          },
          "agent": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "code": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          }
        }
      }
    }
  }
}
Self-resolved.
The template registration API URL was just wrong...
https://www.elastic.co/guide/en/elasticsearch/reference/5.5/indices-templates.html
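An offline check for the symptom in this thread, as an added example that is not part of the original post: it takes the template body and a GET /_mapping response (both constructed here from the JSON above) and reports a template name that shows up as an index, plus fields whose type fell back to the dynamic-mapping default. The function name `audit` and the finding labels are hypothetical; the 5.5 reference linked above registers templates with PUT _template/<name>, and since the post does not state which URL was used, the index-creation path is an assumption.

```python
from fnmatch import fnmatch

# Constructed sample data, condensed from the template and mapping output on this page.
TEMPLATE_NAME = "access_log-template"
TEMPLATE = {
    "template": "access_log-*",
    "mappings": {"access_log": {"properties": {
        "code": {"type": "long"},
        "agent": {"type": "keyword"},
    }}},
}
MAPPING_RESPONSE = {  # shape of GET /_mapping: {index name: {"mappings": ...}}
    "access_log-template": {"mappings": {"access_log": {"properties": {
        "agent": {"type": "keyword"},
        "code": {"type": "long"},
    }}}},
    "access_log-2017.10.25": {"mappings": {"access_log": {"properties": {
        "agent": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
        "code": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    }}}},
}


def audit(template_name, template, mapping_response):
    """Return findings explaining why a template did not shape its indices."""
    findings = []
    # GET /_mapping lists indices only, so a template name appearing here means
    # the body was stored as an index instead of under _template/<name>.
    if template_name in mapping_response:
        findings.append(("template-is-an-index", template_name))
    for index, body in sorted(mapping_response.items()):
        if index == template_name or not fnmatch(index, template["template"]):
            continue
        for doc_type, spec in template["mappings"].items():
            actual = body["mappings"].get(doc_type, {}).get("properties", {})
            for field, want in sorted(spec["properties"].items()):
                got = actual.get(field, {}).get("type")
                if got != want["type"]:
                    findings.append(("type-drift", index, field, want["type"], got))
    return findings


if __name__ == "__main__":
    for finding in audit(TEMPLATE_NAME, TEMPLATE, MAPPING_RESPONSE):
        print(finding)
```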