【发布时间】:2016-10-08 22:36:04
【问题描述】:
我必须使用 logstash 在 elasticsearch 中创建自定义索引。我在elasticsearch中创建了新模板,在logstash配置中我指定了模板路径、模板名称和模板覆盖值,但是每当我运行logstash时,新索引都是用logstash-dd-mm-yy正则表达式生成的,而不是在属性中指定的template_name , logstash -config 文件是
input {
file {
path => "/temp/file.txt"
type => "words"
start_position => "beginning"
}
}
filter {
mutate {
add_field => {"words" => "%{message}"}
}
}
output {
elasticsearch {
hosts => ["elasticserver:9200"]
template => "pathtotemplate.json"
template_name => "newIndexName-*"
template_overwrite => true
}
stdout{}
}
索引模板文件是
{
"template": "dictinary-*",
"settings" : {
"number_of_shards" : 1,
"number_of_replicas" : 0,
"index" : {
"query" : { "default_field" : "@words" },
"store" : { "compress" : { "stored" : true, "tv": true } }
}
},
"mappings": {
"_default_": {
"_all": { "enabled": false },
"_source": { "compress": true },
"dynamic_templates": [
{
"string_template" : {
"match" : "*",
"mapping": { "type": "string", "index": "not_analyzed" },
"match_mapping_type" : "string"
}
}
],
"properties" : {
"@fields": { "type": "object", "dynamic": true, "path": "full" },
"@words" : { "type" : "string", "index" : "analyzed" },
"@source" : { "type" : "string", "index" : "not_analyzed" },
"@source_host" : { "type" : "string", "index" : "not_analyzed" },
"@source_path" : { "type" : "string", "index" : "not_analyzed" },
"@tags": { "type": "string", "index" : "not_analyzed" },
"@timestamp" : { "type" : "date", "index" : "not_analyzed" },
"@type" : { "type" : "string", "index" : "not_analyzed" }
}
}
}
}
请帮忙
【问题讨论】:
标签: elasticsearch logstash logstash-configuration