我已经使用cmd删除了映射
curl -XDELETE 'http://localhost:9200/logstash_log*/'
在我的conf中,我已将索引定义如下,
output { elasticsearch { hosts => localhost index => "logstash_log-%{+YYYY.MM.dd}" }
并尝试创建一个新的映射,但是我得到了错误
#curl -XPUT http://localhost:9200/logstash_log*/_mapping/log -d ' { "properties":{ "@timestamp":"type":"date","format":"strict_date_optional_time||epoch_millis"}, "message":{"type":"string"}, "host":{"type":"ip"}, "name":{"type":"string","index": "not_analyzed"}, "type":{"type":"string"} } }'
{“错误”:{“ root_cause”:[{“类型”:“ index_not_found_exception”,“原因”:“无此类索引”,“ resource.type”:“ index_or_alias”,“ resource.id”:“ logstash_log ” ,“ index”:“ logstash_log ”}],“ type”:“ index_not_found_exception”,“ reason”:“无此类索引”,“ resource.type”:“ index_or_alias”,“ resource.id”:“ logstash_log ” ,“ index”:“ logstash_log ”},“ status”:404}
我该如何解决?任何帮助将不胜感激!!
您需要像这样重新创建索引:
# curl -XPUT http://localhost:9200/logstash_log -d '{ "mappings": { "log": { "properties": { "@timestamp": { "type": "date", "format": "strict_date_optional_time||epoch_millis" }, "message": { "type": "string" }, "host": { "type": "ip" }, "name": { "type": "string", "index": "not_analyzed" }, "type": { "type": "string" } } } } }'
尽管看起来好像是从logstash创建每日索引,但最好还是创建一个模板。将以下内容存储在里面index_template.json
index_template.json
{ "template": "logstash-*", "mappings": { "log": { "properties": { "@timestamp": { "type": "date", "format": "strict_date_optional_time||epoch_millis" }, "message": { "type": "string" }, "host": { "type": "ip" }, "name": { "type": "string", "index": "not_analyzed" }, "type": { "type": "string" } } } } }
然后像这样修改您的logstash配置:
output { elasticsearch { hosts => localhost index => "logstash_log-%{+YYYY.MM.dd}" manage_template => true template_name => "logstash" template => "/path/to/index_template.json" template_overwrite => true }
