1. 首页
  2. 问题
  3. 如果ES中存在索引的索引,是否有基于API的方法在Kibana中创建索引模式
一尘不染

如果ES中存在索引的索引,是否有基于API的方法在Kibana中创建索引模式

elasticsearch

我在ES中有一个索引。我需要使用API​​调用在.kibana中创建相同的索引模式。在此创建中,我什至要设置将成为timestamp列的列。赞赏。


阅读 497

收藏
2020-06-22

共1个答案

一尘不染

您可以做到,但是您需要自己构建整个结构。索引模式定义如下所示:

PUT .kibana/doc/index-pattern:<some-uuid>
{
      "type": "index-pattern",
      "updated_at": "2018-01-27T07:12:05.373Z",
      "index-pattern": {
        "title": "test*",
        "timeFieldName": "@timestamp",
        "fields": """ ... """,
      }
}
  • title 是索引模式的名称,如果通过UI创建索引模式,则输入的名称与您输入的名称相同
  • timeFieldName 是时间戳字段的名称
  • fields 是一个字符串,其中包含索引模式中所有字段定义的JSON数组(请参见下文)

字段定义如下所示:

[
  {
    "name": "@timestamp",
    "type": "date",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": true
  },
  {
    "name": "_id",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": false
  },
  {
    "name": "_index",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": false
  },
  {
    "name": "_score",
    "type": "number",
    "count": 0,
    "scripted": false,
    "searchable": false,
    "aggregatable": false,
    "readFromDocValues": false
  },
  {
    "name": "_source",
    "type": "_source",
    "count": 0,
    "scripted": false,
    "searchable": false,
    "aggregatable": false,
    "readFromDocValues": false
  },
  {
    "name": "_type",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": true,
    "readFromDocValues": false
  },
  {
    "name": "referer",
    "type": "string",
    "count": 0,
    "scripted": false,
    "searchable": true,
    "aggregatable": false,
    "readFromDocValues": false
  },
  ...
]

因此,您需要为每个字段创建此数组,然后对其进行字符串化并将字符串放入fields字段中。

这是代表索引模式的样本文档:

 {
      "type": "index-pattern",
      "updated_at": "2018-01-27T07:12:05.373Z",
      "index-pattern": {
        "title": "test*",
        "timeFieldName": "@timestamp",
        "fields": """[{"name":"@timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_index","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_score","type":"number","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_source","type":"_source","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"referer","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"referer.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"status","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}]"""
      }
    }
2020-06-22