用于 Logstash 的 Elasticsearch 索引模板(JSON),包含额外的 NGINX 字段


{
 "template_logstash":{
    "template" : "logstash*",
    "settings" : {
        "number_of_shards" : 5,
        "index.cache.field.type" : "soft",
        "index.refresh_interval" : "5s",
        "index.store.compress.stored" : true,
        "index.query.default_field" : "message",
        "index.routing.allocation.total_shards_per_node" : 5
    },
    "mappings" : {
        "_default_" : {
            "_all" : {"enabled" : false},
            "properties" : {
               "message": { "type": "string", "index": "analyzed" },
               "@source": { "type": "string", "index": "no" },
               "@source_host": { "type": "string", "index": "not_analyzed" },
               "@source_path": { "type": "string", "index": "not_analyzed" },
               "@tags": { "type": "string", "index": "not_analyzed" },
               "@timestamp": { "type": "date", "format": "yyyy-MM-dd'T'HH:mm:ss.SSSZZ||yyyy-MM-dd'T'HH:mm:ssZZ", "index": "not_analyzed" },
               "@type": { "type": "string", "index": "not_analyzed" },
               "@fields": {
                 "type" : "object",
                 "path" : "full",
                 "properties" : {
                   "bytes": { "index_name": "bytes", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "clientip": { "index_name": "clientip", "type": "ip", "index": "not_analyzed" },
                   "host": { "index_name": "host", "type": "string", "index": "analyzed" },
                   "httpversion": { "index_name": "httpversion", "type": "float", "ignore_malformed": true, "index": "not_analyzed" },
                   "method": { "index_name": "method", "type": "string", "index": "not_analyzed" },
                   "path": { "index_name": "path", "type": "string", "index": "analyzed" },
                   "referrer": { "index_name": "referrer", "type": "string", "index": "not_analyzed" },
                   "response": { "index_name": "response", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "syslog_hostname": { "index_name": "syslog_hostname", "type": "string", "index": "not_analyzed" },
                   "syslog_pri": { "index_name": "syslog_pri", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "syslog_program": { "index_name": "syslog_program", "type": "string", "index": "not_analyzed" },
                   "syslog_timestamp": { "index_name": "syslog_timestamp", "type": "string", "index": "no" },
                   "time": { "index_name": "time", "type": "string", "index": "no" },
                   "upstr_ip": { "index_name": "upstr_ip", "type": "ip", "index": "not_analyzed" },
                   "upstr_port": { "index_name": "upstr_port", "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "upstrcode": { "index_name": "upstrcode",  "type": "integer", "ignore_malformed": true, "index": "not_analyzed" },
                   "upstrtime": { "index_name": "upstrtime", "type": "float", "ignore_malformed": true, "index": "not_analyzed" },
                   "useragent": { "index_name": "useragent", "type": "string", "index": "analyzed" }
                 }
               }
            }
        }
    }

 }
}
