elasticsearch 日志存储配置,elasticsearch,logstash,elasticsearch,Logstash" /> elasticsearch 日志存储配置,elasticsearch,logstash,elasticsearch,Logstash" />
Fatal编程技术网

elasticsearch 日志存储配置

logstash

elasticsearch 日志存储配置,elasticsearch,logstash,elasticsearch,Logstash,关于日志存储配置的问题 这是我的日志存储配置: useragent { source => "cs_user_agent" target => "useragent" remove_field => ["cs_user_agent"] } mutate { rename => { "useragent" => "[hit][user

关于日志存储配置的问题 这是我的日志存储配置:

  useragent {
    source => "cs_user_agent"
    target => "useragent"
    remove_field => ["cs_user_agent"]
  }

  mutate {
    rename => { "useragent" => "[hit][useragent]" }
  }
以下是模板的一部分:

        "useragent":{
          "type": "nested",
          "properties":{
            "build":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "device":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "major":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "minor":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "name":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "os":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "os_name":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            },
            "patch":{
              "type":"text",
              "fields":{
                "keyword":{
                  "type":"keyword",
                  "ignore_above":256
                }
              }
            }
          }
        },
这里有一个例外:

无法将事件索引到Elasticsearch。{:status=>400,:action=>Event:0x3ac94d46,{:index=>nil,:\u index=>“stats”,:\u type=>“\u doc”,:\u routing=>nil},{LogStash::Event:0x3ac94d46],:response=>{“index”=>“{u index”=>“stats”,“\u type=>“\u doc”,“\u id”=>“rqwnqbfu XrP68nSHP”,“status”=>400,“error”=>“type”=>“mapper类型”=>“{usertype=”解析失败,“[x4u]异常原因是什么在id为'X4RqWnQBFu_XrP68nSHP'的文档中,字段值的预览:“{patch=4147,major=84,os=Other,minor=0,build=,name=Chrome,os_name=Other,device=Other}”,由“=>{”type=>“非法状态_异常”,“原因”=>“无法在1:266处获取开始_对象的文本”}

我错过了什么?是logstash配置错误还是es映射错误?

此错误与logstash配置有关。能否共享整个筛选器?此错误与logstash配置有关。你能分享整个过滤器吗?