如何解决apache access组合日志的ELK堆栈映射冲突_Apache_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Mapping_Conflict_Logstash Grok

如何解决apache access组合日志的ELK堆栈映射冲突

apache mapping

如何解决apache access组合日志的ELK堆栈映射冲突,apache,elasticsearch,mapping,conflict,logstash-grok,Apache,elasticsearch,Mapping,Conflict,Logstash Grok,我正在尝试学习ELK stack，我从索引apache访问日志开始，我有Logstash 1.4.2、Elasticseach 1.5.1和kiabna 4.0.2 for windows。以下是我的配置文件。对于elasticsearch的映射，我使用了 curl -XPOST localhost:9200/apache_access?ignore_conflicts=true -d '{ "settings" : { "number_of_shards"

我正在尝试学习ELK stack，我从索引apache访问日志开始，我有Logstash 1.4.2、Elasticseach 1.5.1和kiabna 4.0.2 for windows。以下是我的配置文件。对于elasticsearch的映射，我使用了

curl -XPOST localhost:9200/apache_access?ignore_conflicts=true -d '{  
    "settings" : {  
          "number_of_shards" : 1  
    },  
    "mappings" : {  
        "apache" : {  



 "properties" : {

"timestamp" : {"type":"date", "format" : "DD/MMM/YYYY:HH:mm:ss" },             
"bytes": {"type": "long"},   
"response":{ "type":"long"},  
"clientip":{ "type": "ip"},  
"geoip" : { "type" : "geo_point"}  
}  
        }  
    }  
}'

我的logstash-apache.conf是

我面临的是，对于我在elasticsearch中应用映射的字段，即字节、响应、客户端，我遇到了冲突。我理解发生了什么，因为它说这些字段都有字符串和long作为字段类型。但我不明白为什么会这样，因为我已经应用了映射。我也想解决这个问题。非常感谢您的帮助。

通过版本升级解决了此问题。

input   {  
  file {
    path => "D:\data\access_log1.log"  
    start_position => beginning  
    }
}

filter {


    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    geoip{
    source => "clientip"
    target => "geoip"
    }

  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ,"ISO8601"]
  }
}

output {  
  elasticsearch {  
            host => "localhost"  
            protocol => http  
            index => "apache_access"    
    }  
      stdout { codec => rubydebug }  
}