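I am using Open Distro for Elasticsearch version 1.2 and am trying to apply field masking to inner fields, on a per-index basis, through Kibana. This is the source data: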
"_source": {
  "referer": "http://twitter.com/success/ni-h-ish-ng",
  "request": "/styles/ads.css",
  "agent": "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24",
  "extension": "css",
  "memory": null,
  "ip": "111.58.155.54",
  "index": "kibana_sample_data_logs",
  "message": "111.58.155.54 - - [2018-08-03T07:12:52.205Z] \"GET /styles/ads.css HTTP/1.1\" 200 8070 \"-\" \"Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24\"",
  "url": "https://cdn.elastic-elastic-elastic.org/styles/ads.css",
  "tags": [
    "success",
    "info"
  ],
  "geo": {
    "srcdest": "IN:NG",
    "src": "IN",
    "coordinates": {
      "lon": -81.81947222,
      "lat": 38.92977778
    },
    "dest": "NG"
  },
  "utc_time": "2019-10-11T07:12:52.205Z",
  "bytes": 8070,
  "machine": {
    "os": "win 7",
    "ram": 15032385536
  },
  "response": 200,
  "clientip": "111.58.155.XXX",
  "host": "cdn.elastic-elastic-elastic.org",
  "phpmemory": null,
  "timestamp": "2019-10-11T07:12:52.205Z"
},
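I am trying to reach geo.coordinates.lat and prepared a simple regular expression as described in the documentation.
Here are two examples:
clientip
Field: clientip::/[0-9]{1,3}$/::XXX
geo.coordinates.lat
Field: geo.coordinates.lat::/[0-9]{1,3}/::XXX
Do you know why this happens? Any help is appreciated, thanks.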