在ELK(Elasticsearch,Logstash,Kibana)的上下文中,我瞭解到Logstash具有FILTER以利用grok將日誌消息分成不同的字段。根據我的理解,只有幫助將非結構化日誌數據轉換爲更多結構化數據。但我對Elasticsearch如何利用這些字段(通過grok完成)來提高查詢性能沒有任何意見?是否有可能根據傳統關係數據庫中的字段構建索引?Elasticsearch>是否有可能在FIELDS基礎上構建索引
從Elasticsearch: The Definitive Guide
Inverted index
Relational databases add an index, such as a B-tree index, to specific columns in
order to improve the speed of data retrieval. Elasticsearch and Lucene use a
structure called an inverted index for exactly the same purpose.
By default, every field in a document is indexed (has an inverted
index) and thus is searchable. A field without an inverted index is
not searchable. We discuss inverted indexes in more detail in Inverted Index.
所以你不需要做什麼特別的事情。 Elasticsearch默認已經索引了所有的字段。