elasticsearch,Logstash,Kibana,Elastic Stack" />
elasticsearch,logstash,kibana,elastic-stack,Json,将json文件从Ntopng导入Elk堆栈
我正在尝试将一个json文件从Ntopng导入Elk堆栈,但我不知道如何创建索引 这是json文件包含的单个数据将json文件从Ntopng导入Elk堆栈,json,
elasticsearch,logstash,kibana,elastic-stack,Json,
{ "mac_address": "01:52:22:AE:73:1A", "seen.last": 1496621633, "asn": 11100, "symbolic_name": "abc.def.com", "asname": "test", "ip": { "ipVersion": 4, "localHost": false, "ip": "109.256.51.0" }, "localHost": false, "systemHost": false, "tcp_sent": { "packets": 0, "bytes": 0 }, "tcp_rcvd": { "packets": 42, "bytes": 4323 }, "udp_sent": { "packets": 0, "bytes": 0 }, "udp_rcvd": { "packets": 468, "bytes": 72142 }, "icmp_sent": { "packets": 0, "bytes": 0 }, "icmp_rcvd": { "packets": 0, "bytes": 0 }, "other_ip_sent": { "packets": 0, "bytes": 0 }, "other_ip_rcvd": { "packets": 0, "bytes": 0 }, "pktStats.sent": { }, "pktStats.recv": { "upTo128": 33, "upTo256": 943, "upTo512": 2 }, "throughput_bps": 0, "throughput_trend_bps": "Stable", "throughput_pps": 0, "throughput_trend_pps": "Stable", "flows.as_client": 0, "flows.as_server": 6, "num_alerts": 5, "sent": { "packets": 0, "bytes": 0 }, "rcvd": { "packets": 510, "bytes": 76465 }, "ndpiStats": { "Unknown": { "bytes": { "sent": 0, "rcvd": 72142 }, "packets": { "sent": 0, "rcvd": 468 } }, "HTTP": { "bytes": { "sent": 0, "rcvd": 1521 }, "packets": { "sent": 0, "rcvd": 18 } }, "SSL": { "bytes": { "sent": 0, "rcvd": 2802 }, "packets": { "sent": 0, "rcvd": 24 } } } }
{"mappings" : {"_default_" : {"properties" : { "mac_address" : {"type": "keyword" }, "seen.last" : {"type": "integer" }, "asn" : { "type" : "integer" }, "symbolic_name" : { "type" : "keyword" },"asname" : {"type": "keyword" },"ipVersion": { "type" : "integer" },"localHost": { "type" : "keyword" },
"ip": { "type" : "keyword" } .... .... } } }}'
{"index":{"_index":"test","_type":"act","_id":0}}