2016-04-14 126 views
1

下午好,Elasticsearch默認映射嵌套領域

我一直在努力試圖迫使一個字段是一個geo_point但是場駐留在現場內的文件內。我正在使用elasicsearch 1.7並致力於讓所有的字段匹配,所以我可以升級到2.3.1。當前動態的 實例創建的映射:

{ 
    "index-2016.01.01" : { 
    "mappings" : { 
     "document" : { 
     "properties" : { 
      "geoip" : { 
      "properties" : { 
       "location" : { 
       "type" : "double" 
       } 
      } 
      } 
     } 
     } 
    } 
    } 
} 

現在我有一個具有完全相同的結構幾個文件,我想將它添加到我的默認映射,使每個新的索引它被映射爲一個geo_point 。到目前爲止,我還沒有能夠實現這個目標,它只是以雙倍的速度進入。以下是我目前的default-mapping.json

{ 
    "_default_" : { 
    "properties" : { 
     "level" : { 
     "type" : "string", 
     "norms" : { 
      "enabled" : false 
     } 
     }, 
     "line" : { 
     "type" : "string", 
     "norms" : { 
      "enabled" : false 
     } 
     }, 
     "geoip" : { 
     "properties" : { 
      "location" : { 
      "type" : "geo_point" 
      } 
     } 
     } 
    } 
    } 
} 

任何幫助將不勝感激。我試圖簡化它的位置:類型:geo_point,我試圖刪除其他步驟之間無濟於事。

下面是一個文檔的例子:

{ 
    "_index": "logstash-2016.04.14", 
    "_type": "nginx-access", 
    "_id": "AVQV6PXtpRWl9K_VbKfj", 
    "_score": null, 
    "_source": { 
    "message": "172.16.120.108 - - [14/Apr/2016:12:54:24 -0500] \"GET /center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142 HTTP/1.1\" 200 119 \"https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\" 0.239 \"lwhwms-dev7.corp.good-sam.com\"", 
    "clientip": "172.16.120.108", 
    "ident": "-", 
    "auth": "-", 
    "verb": "GET", 
    "request": "/center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142", 
    "httpversion": "1.1", 
    "response": "200", 
    "bytes": 119, 
    "referer": "https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4", 
    "agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36", 
    "response_time": 0.239, 
    "server_name": "lwhwms-dev7.corp.good-sam.com", 
    "env": "dev7", 
    "host": "moses-web1-dev", 
    "type": "nginx-access", 
    "source": "/var/log/nginx/lwhwms-access.log", 
    "timestamp": "2016-04-14T12:54:24.000-0500", 
    "parsestamp": "2016-04-14T12:54:27.965-0500", 
    "application": "lwhwms", 
    "@version": "1", 
    "@timestamp": "2016-04-14T17:54:24.000Z", 
    "geoip": { 
     "ip": "172.16.120.108", 
     "country_code2": "US", 
     "country_code3": "USA", 
     "country_name": "United States", 
     "continent_code": "NA", 
     "city_name": "0010 - National Campus", 
     "postal_code": "57117", 
     "latitude": 43.50120000000001, 
     "longitude": -96.786, 
     "dma_code": 0, 
     "area_code": 0, 
     "location": [ 
     -96.786, 
     43.50120000000001 
     ] 
    }, 
    "ua": { 
     "name": "Chrome", 
     "os": "Windows 7", 
     "os_name": "Windows 7", 
     "device": "Other", 
     "major": "49", 
     "minor": "0", 
     "patch": "2623" 
    }, 
    "referrer": null 
    }, 
    "sort": [ 
    1460656464000, 
    1460656464000 
    ] 
} 

預先感謝您的任何幫助。

這是我最終的答案最終看起來像。再次感謝大家的迴應,我希望這將有助於ELK世界的其他新手。

{ 
    "template_1" : { 
    "template" : "*", 
    "mappings" : { 
     "_default_" : { 
     "dynamic_templates" : [ 
      { 
      "geoip-location" : { 
       "path_match" : "geoip.location", 
       "mapping" : { 
       "type" : "geo_point" 
       } 
      } 
      }, 
      { 
      "geoip-ip" : { 
       "path_match" : "geoip.ip", 
       "mapping" : { 
       "type" : "string", 
       "norms" : { "enabled" : false } 
       } 
      } 
      }, 
      { 
      "level-string" : { 
       "match" : "level", 
       "mapping" : { 
       "type" : "string", 
       "norms" : { "enabled" : false } 
       } 
      } 
      }, 
      { 
      "line-string" : { 
       "match" : "line", 
       "mapping" : { 
       "type" : "string", 
       "norms" : { "enabled" : false } 
       } 
      } 
      } 
     ] 
     } 
    } 
    } 
} 
+0

的名稱。我的目標是重新編制我們的文檔,以便我們升級到2.3.1。 –

+0

你可以顯示你正在索引的示例文檔嗎? – Val

+0

@Val - 我已經添加了一個例子。 –

回答

1

你可以使用動態模板嗎?

{ 
    "mappings":{ 
     "_default_":{ 
     "dynamic_templates":[ 
      { 
       "geoip":{ 
        "path_match":"geoip.location", 
        "mapping":{ 
        "type":"geo_point" 
        } 
       } 
      } 
     ] 
     } 
    } 
} 

你可以改變_ DEFAULT_也這是使用elasticsearch 1.7索引

+0

好吧,我想避免必須爲每個文檔創建一個動態模板。我嘗試添加你的默認mappings.json,但沒有奏效。 –

+0

好吧,我不明白動態模板的工作原理。迄今爲止,這似乎爲我工作。謝謝你的回答! –