堆栈内存溢出
  简体   繁体   English

多个索引logstash模板

[英]Multiple indices logstash template

 原文  2016-09-19 10:53:29       templates/ elasticsearch/ indexing/ logstash

问题描述

Since we are using different servers with different purposes, we configured FIlebeat to send the logs to one specific Index per server. 由于我们使用不同目的的不同服务器,因此我们将FIlebeat配置为将日志发送到每个服务器的一个特定索引。 Beta Index:Beta Test Index:Test Build Index:Jenkins Beta指数:Beta测试指数:测试构建指数:Jenkins

All the filters are working properly but trying to get the .raw fields I believed the templates were not configured properly. 所有过滤器都正常工作但尝试获取.raw字段我认为模板配置不正确。 Now I'm facing a hard time because it seems that everyone only use logstash- index 现在我面临困难,因为似乎每个人都只使用logstash-index

My output is: 我的输出是: 

output {
  elasticsearch {
    hosts => ["172.31.28.8:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

Additionally, I installed the filebeat template, but again, it is waiting for "filebeat-" index and not for the one I have created. 另外,我安装了filebeat模板,但是它再次等待“filebeat-”索引而不是我创建的那个。

1 个解决方案

解决方案1
 0 已采纳  2016-09-19 23:53:55

I have the feeling that it is because of your manage_template = false setting. 我觉得这是因为你的manage_template = false设置。 Are you creating an index template of your own? 您是否正在创建自己的索引模板? If not, try allowing Elasticsearch to manage the template for you. 如果没有,请尝试允许Elasticsearch为您管理模板。

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-manage_template https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-manage_template

The .raw fields are not_anazlyed versions of the field. .raw字段是该字段的not_anazlyed版本。 The default setting for a string mapping is analyzed (while the default setting for long, date, etc is not_analyzed). 分析字符串映射的默认设置(而未分析long,date等的默认设置)。 Strings by default have an analyzed main field and a not_analyzed (.raw) field. 默认情况下,字符串具有分析的主字段和not_analyzed(.raw)字段。

https://www.elastic.co/guide/en/elasticsearch/reference/current/default-mapping.html https://www.elastic.co/guide/en/elasticsearch/reference/current/default-mapping.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Logstash复制模板属性 - Logstash duplicates template properties Django模板变量和列表索引 - Django template vars and list indices 分片数量增加不支持 logstash 模板 - logstash template not honored for shard number increase Logstash不断覆盖Elasticsearch索引模板 - Logstash keeps overwriting Elasticsearch index template 弹性搜索未使用logstash中的已定义模板进行映射 - Defined Template from logstash not being used by elastic search for mapping 使用go模板库访问特定的数组索引 - Accessing specific array indices using the go template library 具有多个模板参数的模板专业化 - template specialization with multiple template parameters 具有多个模板参数的类模板 - class template with multiple template parameter 模板类的多个模板模板参数 - Multiple template template paremeters for template class 在模板模板参数中抛出多个模板类 - 模板绑定? - Throw multiple-template class in a template template parameter - template binding?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM