我一直在努力試圖迫使一個字段是一個geo_point但是場駐留在現場內的文件內。我正在使用elasicsearch 1.7並致力於讓所有的字段匹配,所以我可以升級到2.3.1。當前動態的 實例創建的映射:
{
"index-2016.01.01" : {
"mappings" : {
"document" : {
"properties" : {
"geoip" : {
"properties" : {
"location" : {
"type" : "double"
}
}
}
}
}
}
}
}
現在我有一個具有完全相同的結構幾個文件,我想將它添加到我的默認映射,使每個新的索引它被映射爲一個geo_point 。到目前爲止,我還沒有能夠實現這個目標,它只是以雙倍的速度進入。以下是我目前的default-mapping.json
{
"_default_" : {
"properties" : {
"level" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"line" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"geoip" : {
"properties" : {
"location" : {
"type" : "geo_point"
}
}
}
}
}
}
任何幫助將不勝感激。我試圖簡化它的位置:類型:geo_point,我試圖刪除其他步驟之間無濟於事。
下面是一個文檔的例子:
{
"_index": "logstash-2016.04.14",
"_type": "nginx-access",
"_id": "AVQV6PXtpRWl9K_VbKfj",
"_score": null,
"_source": {
"message": "172.16.120.108 - - [14/Apr/2016:12:54:24 -0500] \"GET /center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142 HTTP/1.1\" 200 119 \"https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\" 0.239 \"lwhwms-dev7.corp.good-sam.com\"",
"clientip": "172.16.120.108",
"ident": "-",
"auth": "-",
"verb": "GET",
"request": "/center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142",
"httpversion": "1.1",
"response": "200",
"bytes": 119,
"referer": "https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4",
"agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
"response_time": 0.239,
"server_name": "lwhwms-dev7.corp.good-sam.com",
"env": "dev7",
"host": "moses-web1-dev",
"type": "nginx-access",
"source": "/var/log/nginx/lwhwms-access.log",
"timestamp": "2016-04-14T12:54:24.000-0500",
"parsestamp": "2016-04-14T12:54:27.965-0500",
"application": "lwhwms",
"@version": "1",
"@timestamp": "2016-04-14T17:54:24.000Z",
"geoip": {
"ip": "172.16.120.108",
"country_code2": "US",
"country_code3": "USA",
"country_name": "United States",
"continent_code": "NA",
"city_name": "0010 - National Campus",
"postal_code": "57117",
"latitude": 43.50120000000001,
"longitude": -96.786,
"dma_code": 0,
"area_code": 0,
"location": [
-96.786,
43.50120000000001
]
},
"ua": {
"name": "Chrome",
"os": "Windows 7",
"os_name": "Windows 7",
"device": "Other",
"major": "49",
"minor": "0",
"patch": "2623"
},
"referrer": null
},
"sort": [
1460656464000,
1460656464000
]
}
預先感謝您的任何幫助。
這是我最終的答案最終看起來像。再次感謝大家的迴應,我希望這將有助於ELK世界的其他新手。
{
"template_1" : {
"template" : "*",
"mappings" : {
"_default_" : {
"dynamic_templates" : [
{
"geoip-location" : {
"path_match" : "geoip.location",
"mapping" : {
"type" : "geo_point"
}
}
},
{
"geoip-ip" : {
"path_match" : "geoip.ip",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"level-string" : {
"match" : "level",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"line-string" : {
"match" : "line",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
}
]
}
}
}
}
的名稱。我的目標是重新編制我們的文檔,以便我們升級到2.3.1。 –
你可以顯示你正在索引的示例文檔嗎? – Val
@Val - 我已經添加了一個例子。 –