新建mapping

新建索引： PUT logstash-redis-log-2017.12

PUT logstash-redis-log-2017.12/_mapping/redis-log

{ "properties" : {

"@timestamp" : {

"type" : "date"

},

"@version" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Query" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"Rt" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"dest_port" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"kafka" : {

"properties" : {

"consumer_group" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"offset" : {

"type" : "long"

},

"partition" : {

"type" : "long"

},

"topic" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"message" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"request_ts" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"response_len" : {

"type" : "long",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

},

"souce_ip" : {

"type" : "text",

"fields" : {

"keyword" : {

"type" : "keyword",

"ignore_above" : 256

}

新建索引： PUT logstash-iis-log-2017.12

PUT logstash-iis-log-2017.12/_mapping/iis-log

{

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建template

Collapse source

PUT _template/logstash-iislog

{

"template" : "logstash-iislog-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iislog" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

iis字段全选：

Collapse source

PUT _template/logstash-iis-ex

{

"template" : "logstash-iis-ex-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-ex" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {"cs-method": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"type": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-host": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@version": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"message": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"tags": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"cs": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {"type": "date"

},

"s": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {"properties": {"consumer_group": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"partition": {"type": "long"

},

"offset": {"type": "long"

},

"topic": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {"type": "long",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {"type": "text",

"fields": {"keyword": {"ignore_above": 256,

"type": "keyword"

}

elasticsearch-template.json

Collapse source

{

"template" : "logstash-iis-log-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings" : {

"iis-log" : {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"cs-method": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-sitename": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-stem": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-uri-query": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-substatus": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-computername": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-username": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"time-taken": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-win32-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@timestamp": {

"type": "date"

},

"cs-host": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"cs-version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"partition": {

"type": "long"

},

"offset": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"s-port": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-status": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"sc-bytes": {

"type": "long",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"c-ip": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"ignore_above": 256,

"type": "keyword"

}

PUT _template/f5-request

Collapse source

PUT _template/f5-request

{

"template" : "f5-request-*",

"settings" : {

"index.refresh_interval" : "5s"

},

"mappings": {

"f5-request": {

"dynamic_templates" : [ {

"string_fields" : {

"match" : "*",

"match_mapping_type" : "string",

"mapping" : {

"type" : "string", "index" : "not_analyzed", "omit_norms" : true

}

} ],

"properties": {

"@timestamp": {

"type": "date"

},

"@version": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"agent": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"bytes": {

"type": "long"

},

"clientip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"geoip": {

"properties": {

"city_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"continent_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code2": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_code3": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"country_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"latitude": {

"type": "float"

},

"location": {

"type": "geo_point",

"ignore_malformed": "true"

},

"longitude": {

"type": "float"

},

"region_code": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"region_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timezone": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpmethod": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpuri": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"httpversion": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"kafka": {

"properties": {

"consumer_group": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"offset": {

"type": "long"

},

"partition": {

"type": "long"

},

"topic": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"message": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"referer": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"response": {

"type": "long"

},

"response_ms": {

"type": "long"

},

"server": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"server_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"snat": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"tags": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"timestamp": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"type": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"user": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_ip": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_pool_name": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

},

"virtual_port": {

"type": "text",

"fields": {

"keyword": {

"type": "keyword",

"ignore_above": 256

}

新建mapping的更多相关文章

Zabbix实战-简易教程--监控OSPF
一.需求背景网络工程师需要对OSPF进行监控,需求如下: 1.状态展示 OSPF区域状态 OSPF接口状态 OSPF邻居状态 2.问题报警触发器设置: a.OSPF区域状态 b.OSPF接口状态 ...
手把手教你搭建SSH框架（Eclipse版）
原文来自公众号[C you again],若需下载完整源码,请在公众号后台回复"ssh". 本期文章详细讲解了SSH(Spring+SpringMVC+Hibernate)框架的搭 ...
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别讯飞科大语音云.docx \Atitit 代码托管与虚拟主机.docx \Atitit 企业文化每日心灵鸡汤值班发布.docx \Atitit 几大研发体系对比 Stage-Gat
Atitit s2018.2 s2 doc list on home ntpc.docx \Atiitt uke制度体系法律法规规章条例国王诏书.docx \Atiitt 手写文字识别 ...
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo
新建SpringBoot项目运行页面报错Whitelabel Error Page This application has no explicit mapping for /error, so yo ...
Intellij Idea 15 下新建 Hibernate 项目以及如何添加配置
1.说明:Idea 下,项目对应于 Eclipse 下的 workspace,Module 对应于 Eclipse 下的项目.Idea 下,新添加的项目既可以单独作为一个 Project,也可以作为一 ...
使用MyBatis Generator自动创建代码(dao,mapping,poji)
连接的数据库为SQL server2008,所以需要的文件为sqljdbc4.jar 使用的lib库有: 在lib库目录下新建一个src文件夹用来存放生成的文件,然后新建generatorConfig ...
[NHibernate]O/R Mapping基础
系列文章 [Nhibernate]体系结构 [NHibernate]ISessionFactory配置 [NHibernate]持久化类(Persistent Classes) 引言对象和关系数据库 ...
NHibernate系列文章二十八：NHibernate Mapping之Auto Mapping（附程序下载）
摘要上一篇文章介绍了Fluent NHibernate基础知识.但是,Fluent NHibernate提供了一种更方便的Mapping方法称为Auto Mapping.只需在代码中定义一些Conv ...
NHibernate系列文章二十七：NHibernate Mapping之Fluent Mapping基础（附程序下载）
摘要从这一节起,介绍NHibernate Mapping的内容.前面文章都是使用的NHibernate XML Mapping.NHibernate XML Mapping是NHibernate最早 ...

随机推荐

redis数据库操作
一.String(字符串)操作 String在redis中的存储是按照key-value的形式存储 1.SET key value [EX seconds] [PX milliseconds] [NX ...
rsync+inotify同步备份文件
前言 rsync作用:man rsync可以看到解释为a fast, versatile, remote (and local) file-copying tool,主要进行文件的同步. inotif ...
MyBatis是如何使用的？
MyBatis前身世iBatis本是Apache的一个开源项目,2010年这个项目迁移到google code并改名为MyBatis. 一.高级软件介绍 1.JDK 8 2.Eclipse mars2 ...
Jmeter-【JSON Extractor】-响应结果中二级key取值
一.请求返回样式二.取chapter的值三.查看结果
JMM 内存模型与 volatile 关键字
内存模型线程之间的共享变量存储在主内存(main memory)中,每个线程都有一个私有的本地内存(local memory). 本地内存中存储了该线程以读/写共享变量的副本. 不同线程之间无法相互 ...
视频质量评测标准——VMAF
阿里云视频云直播转码每天都会处理大量的不同场景.不同编码格式的直播流.为了保证高画质,团队借助VMAF标准来对每路转码的效果做质量评估,然后进行反馈.调优.迭代.这么做的原因在于,像动作片.纪录片.动 ...
delphi 特殊窗体
delphi 窗体阴影放窗体创建事件里面 SetClassLong(Handle, GCL_STYLE, GetClassLong(Handle, GCL_STYLE) or CS_DROPSHAD ...
Visual Studio Code 的简单试用体验
首先对Visual Studio Code做一个大概的介绍.首先明确一下,这个Visual Studio Code(以下简称 vscode)是一个带GUI的代码编辑器,也就是只能完成简单的代码编辑功能 ...
Python 利用微信端口查看列车时刻表
import requests """ 该程序查看列车时刻 """ url0 = 'http://www.webxml.com.cn/Web ...
LeetCode 181. Employees Earning More Than Their Managers (超过经理收入的员工)
题目标签: 题目给了我们一个员工表,包括经理.员工会有经理的id. 这里可以重复利用两次表格,表格a, 表格b,当a 员工的经理id 等于 b员工时候,在从中找到员工工资大于经理的.具体看co ...

新建mapping

新建mapping的更多相关文章

随机推荐

热门专题