我正在寻找在elasticsearch中创建索引的指南,但它并不像在以下指南中那样简单:
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html
我想要做的事似乎很简单,但我似乎无法让它发挥作用。现在,我希望我的索引是每日索引(与默认的logstash索引相同),但有一些更改。这些更改包括名称更改和具有特定类型的字段的特定映射。现在我知道我必须在logstasg配置的output-elasticsearch部分中指定:
index => "name-%{+YYYY.MM.dd}"
我发现的唯一信息是可以根据模板创建索引,我尝试创建模板,但仍然没有任何反应。
创建模板我使用了以下内容:
PUT _template/ids
{
"template": "ids-*",
"order": 0,
"settings": {
"index": {
"number_of_shards": 5,
"number_of_replicas": 1
},
"mappings": {
"log": {
"_all": {
"enabled": true,
"omit_norms": true
},
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"@version": {
"type": "string",
"index": "not_analyzed"
},
"field1": {
"type": "string",
"index": "not_analyzed"
},
"field2": {
"type": "string",
"index": "not_analyzed"
},
答案 0 :(得分:0)
对于每日指数"一些变化"使用模板很不错。
要检查群集中已设置的模板,请使用:
GET {es_url}/_template
要将新模板设置为群集,请使用:
PUT {es_url}/_template/ids
{
"template": "ids-*",
"order": 0,
"settings": {
"index": {
"number_of_shards": 5,
"number_of_replicas": 1
},
"mappings": {
"log": {
"_all": {
"enabled": true,
"omit_norms": true
},
"properties": {
"@timestamp": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"@version": {
"type": "string",
"index": "not_analyzed"
},
"field1": {
"type": "string",
"index": "not_analyzed"
},
"field2": {
"type": "string",
"index": "not_analyzed"
}
}
}
}}}
要删除现有模板,请使用:
DELETE {es_url}/_template/{template_name}
如果您设置" ID"模板到集群 - 将插入到集群的任何文档,使用与#34; ID相匹配的名称进行索引 - *" (又名" ids-123"," ids-sheker"," ids-2016.05.02")将获得插入的ids模板的映射。