新建mapping

新建索引： PUT logstash-redis-log-2017.12

PUT logstash-redis-log-2017.12/_mapping/redis-log

{ "properties" : {

"@timestamp" : {

"type" : "date"

},

"@version" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Query" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Rt" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_port" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"kafka" : {

"properties" : {

"consumer_group" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"offset" : {

"type" : "long"

},

"partition" : {

"type" : "long"

},

"topic" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"message" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_ts" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"response_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"souce_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

新建索引： PUT logstash-iis-log-2017.12

PUT logstash-iis-log-2017.12/_mapping/iis-log

{

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建template

Collapse source

PUT _template/logstash-iislog

{

"template" : "logstash-iislog-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iislog" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

iis字段全选：

Collapse source

PUT _template/logstash-iis-ex

{

"template" : "logstash-iis-ex-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-ex" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {"cs-method": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"type": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-host": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"message": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"tags": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {"type": "date"

},

"s": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {"properties": {"consumer_group": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"partition": {"type": "long"

},

"offset": {"type": "long"

},

"topic": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

elasticsearch-template.json

Collapse source

{

"template" : "logstash-iis-log-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-log" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {

"type": "date"

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"partition": {

"type": "long"

},

"offset": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

PUT _template/f5-request

Collapse source

PUT _template/f5-request

{

"template" : "f5-request-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings": {

"f5-request": {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"agent": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"bytes": {

"type": "long"

},

"clientip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"geoip": {

"properties": {

"city_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"continent_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code2": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code3": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"latitude": {

"type": "float"

},

"location": {

"type": "geo_point",

"ignore_malformed": "true"

},

"longitude": {

"type": "float"

},

"region_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"region_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timezone": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpmethod": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpuri": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpversion": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"referer": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"response": {

"type": "long"

},

"response_ms": {

"type": "long"

},

"server": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"server_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"snat": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"user": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_pool_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建mapping的更多相关文章

Zabbix实战-简易教程--监控OSPF
一.需求背景网络工程师需要对OSPF进行监控,需求如下: 1.状态展示 OSPF区域状态 OSPF接口状态 OSPF邻居状态 2.问题报警触发器设置: a.OSPF区域状态 b.OSPF接口状态 ...
手把手教你搭建SSH框架（Eclipse版）
原文来自公众号[C you again],若需下载完整源码,请在公众号后台回复"ssh". 本期文章详细讲解了SSH(Spring+SpringMVC+Hibernate)框架的搭 ...
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别讯飞科大语音云.docx \Atitit 代码托管与虚拟主机.docx \Atitit 企业文化每日心灵鸡汤值班发布.docx \Atitit 几大研发体系对比 Stage-Gat
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别 ...
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo ...
Intellij Idea 15 下新建 Hibernate 项目以及如何添加配置
1.说明:Idea 下,项目对应于 Eclipse 下的 workspace,Module 对应于 Eclipse 下的项目.Idea 下,新添加的项目既可以单独作为一个 Project,也可以作为一 ...
使用MyBatis Generator自动创建代码(dao,mapping,poji)
连接的数据库为SQL server2008,所以需要的文件为sqljdbc4.jar 使用的lib库有: 在lib库目录下新建一个src文件夹用来存放生成的文件,然后新建generatorConfig ...
[NHibernate]O/R Mapping基础
系列文章 [Nhibernate]体系结构 [NHibernate]ISessionFactory配置 [NHibernate]持久化类(Persistent Classes) 引言对象和关系数据库 ...
NHibernate系列文章二十八：NHibernate Mapping之Auto Mapping（附程序下载）
摘要上一篇文章介绍了Fluent NHibernate基础知识.但是,Fluent NHibernate提供了一种更方便的Mapping方法称为Auto Mapping.只需在代码中定义一些Conv ...
NHibernate系列文章二十七：NHibernate Mapping之Fluent Mapping基础（附程序下载）
摘要从这一节起,介绍NHibernate Mapping的内容.前面文章都是使用的NHibernate XML Mapping.NHibernate XML Mapping是NHibernate最早 ...

随机推荐

const 命令
const 命令声明一个只读的常量,声明后值不可以改变 const 变量不可以重复声明 const一旦声明变量,就必须立即初始化,不能留到以后赋值. const命令声明的常量也是不提升,同样存在暂时性 ...
关于h5打包后 wag包无法安装的问题
如果不是逻辑错误,那么有可能是下列三种情况之一, 1 wgt打包时的appid与安装包不符 2 打包wgt文件和打包安装包文件用的不是同一个HBuilder账户 3 安装包打包时权限配置,和wgt包 ...
JavaScript ---- 原型，原型链（什么是原型）
和“闭包”一样,“原型”这个概念也经常被提起. 其实这个“概念”应该和构造函数,对象放在一起讲,但是由于时间关系,先把这部分抽取出来讲.再讲这个概念时我们先大致了解下JavaScript中的“对象”. ...
delphi xe10 网络文件传送
//网络传送文件(类似Server/Client) TTetheringManager|设备管理.TTetheringAppProfile|文件发送待补充
GetWindowLong
函数功能:该函数获得有关指定窗口的信息,函数也获得在额外窗口内存中指定偏移位地址的32位度整型值. 函数原型:LONG GetWindowLong(HWND hWnd,int nlndex): 参数: ...
NX二次开发-UFUN遍历函数UF_OBJ_cycle_objs_in_part
NX11+VS2013 #include <uf.h> #include <uf_obj.h> #include <uf_modl.h> #include < ...
arcgis api for javascipt 输出图片
地图模板制作-发布-gpurl调用 window.open可以直接打开url链接. saveas可以另存,仅支持ie浏览器 <!DOCTYPE html><html><h ...
Python的变长参数
Python的变长参数 def foo1(*args): for arg in args: print arg def foo2(**kargs): for key in kargs: print k ...
jquery中typeof的用法
typeof 可以用来检测给定变量的数据类型,可能的返回值: 'undefined' 'boolean' 'string' 'number' 'object' 'function' var hahah ...
this 关键字的使用及说明
this 是Java 中常见的一个关键字,它的主要作用是引用类的当前实例,本篇文章主要介绍 this 关键字的几种使用情况. 1. this 调用当前类的变量,也就是类中的成员变量. 代码示例: pu ...

新建mapping

新建mapping的更多相关文章

随机推荐

热门专题