新建mapping

新建索引： PUT logstash-redis-log-2017.12

PUT logstash-redis-log-2017.12/_mapping/redis-log

{ "properties" : {

"@timestamp" : {

"type" : "date"

},

"@version" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Query" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Rt" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_port" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"kafka" : {

"properties" : {

"consumer_group" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"offset" : {

"type" : "long"

},

"partition" : {

"type" : "long"

},

"topic" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"message" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_ts" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"response_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"souce_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

新建索引： PUT logstash-iis-log-2017.12

PUT logstash-iis-log-2017.12/_mapping/iis-log

{

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建template

Collapse source

PUT _template/logstash-iislog

{

"template" : "logstash-iislog-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iislog" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

iis字段全选：

Collapse source

PUT _template/logstash-iis-ex

{

"template" : "logstash-iis-ex-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-ex" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {"cs-method": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"type": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-host": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"message": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"tags": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {"type": "date"

},

"s": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {"properties": {"consumer_group": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"partition": {"type": "long"

},

"offset": {"type": "long"

},

"topic": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

elasticsearch-template.json

Collapse source

{

"template" : "logstash-iis-log-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-log" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {

"type": "date"

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"partition": {

"type": "long"

},

"offset": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

PUT _template/f5-request

Collapse source

PUT _template/f5-request

{

"template" : "f5-request-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings": {

"f5-request": {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"agent": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"bytes": {

"type": "long"

},

"clientip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"geoip": {

"properties": {

"city_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"continent_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code2": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code3": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"latitude": {

"type": "float"

},

"location": {

"type": "geo_point",

"ignore_malformed": "true"

},

"longitude": {

"type": "float"

},

"region_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"region_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timezone": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpmethod": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpuri": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpversion": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"referer": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"response": {

"type": "long"

},

"response_ms": {

"type": "long"

},

"server": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"server_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"snat": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"user": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_pool_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建mapping的更多相关文章

Zabbix实战-简易教程--监控OSPF
一.需求背景网络工程师需要对OSPF进行监控,需求如下: 1.状态展示 OSPF区域状态 OSPF接口状态 OSPF邻居状态 2.问题报警触发器设置: a.OSPF区域状态 b.OSPF接口状态 ...
手把手教你搭建SSH框架（Eclipse版）
原文来自公众号[C you again],若需下载完整源码,请在公众号后台回复"ssh". 本期文章详细讲解了SSH(Spring+SpringMVC+Hibernate)框架的搭 ...
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别讯飞科大语音云.docx \Atitit 代码托管与虚拟主机.docx \Atitit 企业文化每日心灵鸡汤值班发布.docx \Atitit 几大研发体系对比 Stage-Gat
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别 ...
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo ...
Intellij Idea 15 下新建 Hibernate 项目以及如何添加配置
1.说明:Idea 下,项目对应于 Eclipse 下的 workspace,Module 对应于 Eclipse 下的项目.Idea 下,新添加的项目既可以单独作为一个 Project,也可以作为一 ...
使用MyBatis Generator自动创建代码(dao,mapping,poji)
连接的数据库为SQL server2008,所以需要的文件为sqljdbc4.jar 使用的lib库有: 在lib库目录下新建一个src文件夹用来存放生成的文件,然后新建generatorConfig ...
[NHibernate]O/R Mapping基础
系列文章 [Nhibernate]体系结构 [NHibernate]ISessionFactory配置 [NHibernate]持久化类(Persistent Classes) 引言对象和关系数据库 ...
NHibernate系列文章二十八：NHibernate Mapping之Auto Mapping（附程序下载）
摘要上一篇文章介绍了Fluent NHibernate基础知识.但是,Fluent NHibernate提供了一种更方便的Mapping方法称为Auto Mapping.只需在代码中定义一些Conv ...
NHibernate系列文章二十七：NHibernate Mapping之Fluent Mapping基础（附程序下载）
摘要从这一节起,介绍NHibernate Mapping的内容.前面文章都是使用的NHibernate XML Mapping.NHibernate XML Mapping是NHibernate最早 ...

随机推荐

vue之父子组件执行对方的方法
一.子组件执行父组件中的方法 1.父组件将方法名传给子组件,子组件进行调用父组件中: <Vbutton typeBtn="success" :btnUserMethod=& ...
初始化css样式
html,body,div,ul,li,ol,a,input,textarea,p,dl,dt,dd{margin:0;padding:0;} ul li{list-style: none;} a{t ...
【BZOJ2938】【luoguP2444】病毒
description 二进制病毒审查委员会最近发现了如下的规律:某些确定的二进制串是病毒的代码.如果某段代码中不存在任何一段病毒代码,那么我们就称这段代码是安全的.现在委员会已经找出了所有的病毒代码 ...
[原创] delphi KeyUp、KeyPress、Keydown区别和用法，如何不按键盘调用事件
KeyPress (Sender: TObject; var Key: Char); 当用户按下键盘上的字符键(字母,数字) 会触发该事件,功能键则不会(F1-F12,Ctrl,Alt,Shift ...
Element-UI 的树列表实现单选
1. Element-UI 的 el-tree 组件当设置了 show-checkbox 属性以后,默认是只能多选的,如果我们想要将其改选为单选,就要进行一些特殊的处理,首先看效果图. 2. 组件代码 ...
lua之table|模块|包
一.table table是 Lua的一种数据结构用来帮助我们创建不同的数据类型,如:数字.字典等. Lua table使用关联型数组,你可以用任意类型的值来作数组的索引,但这个值不能是 ni ...
go语言type使用小技巧
import "fmt" type Rank int const ( Rank001 Rank = iota Rank002 Rank003 Rank004 ) var rewar ...
EnhanceFunc__增强函数集
想将经常用到的功能函数写在一起,花时间精心维护,然后以后就用起来就舒服很多了目前就写了进程调试权限,远程线程注入,远程线程释放这三个函数.还有很多功能,以后慢慢加 // last code by g ...
VIM 配色方案，先保存一下
https://github.com/chriskempson/tomorrow-theme http://ethanschoonover.com/solarized http://ethanscho ...
Sigils of Elohim
题目大意见游戏链接https://store.steampowered.com/app/321480/. 分析作为一个程序猿,我拒绝用人脑dfs. 代码如下 #include <bits/s ...

新建mapping

新建mapping的更多相关文章

随机推荐

热门专题