"index": "not_analyzed" 在 elasticsearch 中
"index": "not_analyzed" in elasticsearch
我已经使用 cmd
删除了映射
curl -XDELETE 'http://localhost:9200/logstash_log*/'
在我的 conf 中,我将索引定义如下,
output {
elasticsearch {
hosts => localhost
index => "logstash_log-%{+YYYY.MM.dd}"
}
并尝试创建一个新映射,但出现错误
#curl -XPUT http://localhost:9200/logstash_log*/_mapping/log -d '
{
"properties":{
"@timestamp":"type":"date","format":"strict_date_optional_time||epoch_millis"},
"message":{"type":"string"},
"host":{"type":"ip"},
"name":{"type":"string","index": "not_analyzed"},
"type":{"type":"string"}
}
}'
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"logstash_log*","index":"logstash_log*"}],"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"logstash_log*","index":"logstash_log*"},"status":404}
我该如何解决?
任何帮助将不胜感激!!
您需要像这样重新创建索引:
# curl -XPUT http://localhost:9200/logstash_log -d '{
"mappings": {
"log": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"message": {
"type": "string"
},
"host": {
"type": "ip"
},
"name": {
"type": "string",
"index": "not_analyzed"
},
"type": {
"type": "string"
}
}
}
}
}'
虽然看起来您是从 logstash 创建每日索引,但您最好还是创建一个模板。在 index_template.json
中存储以下内容
{
"template": "logstash-*",
"mappings": {
"log": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"message": {
"type": "string"
},
"host": {
"type": "ip"
},
"name": {
"type": "string",
"index": "not_analyzed"
},
"type": {
"type": "string"
}
}
}
}
}
然后像这样修改您的 logstash 配置:
output {
elasticsearch {
hosts => localhost
index => "logstash_log-%{+YYYY.MM.dd}"
manage_template => true
template_name => "logstash"
template => "/path/to/index_template.json"
template_overwrite => true
}
* 是索引名称的无效字符。
Index name must not contain the following characters [\, /, *, ?, \",
<, >, |, , ,]
我已经使用 cmd
删除了映射curl -XDELETE 'http://localhost:9200/logstash_log*/'
在我的 conf 中,我将索引定义如下,
output {
elasticsearch {
hosts => localhost
index => "logstash_log-%{+YYYY.MM.dd}"
}
并尝试创建一个新映射,但出现错误
#curl -XPUT http://localhost:9200/logstash_log*/_mapping/log -d '
{
"properties":{
"@timestamp":"type":"date","format":"strict_date_optional_time||epoch_millis"},
"message":{"type":"string"},
"host":{"type":"ip"},
"name":{"type":"string","index": "not_analyzed"},
"type":{"type":"string"}
}
}'
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"logstash_log*","index":"logstash_log*"}],"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"logstash_log*","index":"logstash_log*"},"status":404}
我该如何解决? 任何帮助将不胜感激!!
您需要像这样重新创建索引:
# curl -XPUT http://localhost:9200/logstash_log -d '{
"mappings": {
"log": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"message": {
"type": "string"
},
"host": {
"type": "ip"
},
"name": {
"type": "string",
"index": "not_analyzed"
},
"type": {
"type": "string"
}
}
}
}
}'
虽然看起来您是从 logstash 创建每日索引,但您最好还是创建一个模板。在 index_template.json
{
"template": "logstash-*",
"mappings": {
"log": {
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"message": {
"type": "string"
},
"host": {
"type": "ip"
},
"name": {
"type": "string",
"index": "not_analyzed"
},
"type": {
"type": "string"
}
}
}
}
}
然后像这样修改您的 logstash 配置:
output {
elasticsearch {
hosts => localhost
index => "logstash_log-%{+YYYY.MM.dd}"
manage_template => true
template_name => "logstash"
template => "/path/to/index_template.json"
template_overwrite => true
}
* 是索引名称的无效字符。
Index name must not contain the following characters [\, /, *, ?, \", <, >, |, , ,]