elasticsearch,Logstash,Kibana" />
elasticsearch,logstash,kibana,Ruby,Csv,Ruby 如何将Logstash中的字段设置为;“未分析”;使用Logstash配置文件
我有一个elasticsearch索引,我用它来索引一组文档 这些文档最初是csv格式的,我希望使用logstash解析这些文档 我的日志存储配置文件是Ruby 如何将Logstash中的字段设置为;“未分析”;使用Logstash配置文件,ruby,csv,
elasticsearch,logstash,kibana,Ruby,Csv,
input {
file {
path => "/csv_files_for_logstash/app1lg.csv"
type => "core2"
start_position => "beginning"
} }
filter {
csv {
separator => ","
columns=> ["Date","Package Name","App Version Code","Current Device Installs","Daily Device Installs","Daily Device Uninstalls","Daily Device Upgrades","Current User Installs","Total User Installs","Daily User Installs","Daily User Uninstalls"]
}
mutate {convert => ["App Version Code", "string"]}
mutate {convert => ["Current Device Installs", "float"]}
mutate {convert => ["Daily Device Installs", "float"]}
mutate {convert => ["Daily Device Uninstalls", "float"]}
mutate {convert => ["Current User Installs", "float"]}
mutate {convert => ["Total User Installs", "float"]}
mutate {convert => ["Daily User Installs", "float"]}
mutate {convert => ["Daily User Uninstalls", "float"]}
ruby {
code => '
b = event["App Version Code"]
string2=""
for counter in (3..(b.size-1))
if counter == 4
string2+= "."+ b[counter]
elsif counter == 6
string2+= "("+b[counter]
elsif counter == 8
string2+= b[counter] + ")"
else
string2+= b[counter]
end
end
event["App Version Code"] = string2
'
}
}
output {
elasticsearch {
embedded => true
action => "index"
host => "es"
index => "fivetry"
workers => 1
}
stdout{
codec => rubydebug {
}
}
}
谢谢大家,您无法通过日志存储配置设置映射。映射与日志存储无关,而仅与Elasticsearch相关
在插入这些文档之前,您需要在Elasticsearch中预先映射这些字段,您可以创建索引,然后使用映射API设置映射,或者您可以使用索引模板来执行此操作,这将允许您创建映射,而无需最初创建索引。Logstash提供了用于新索引的默认模板。您可以编辑此文件,但这不是一个好主意(它将在升级时被覆盖,等等)
允许您指定自己要使用的模板,而不是默认模板。现在我没有使用映射。我只使用我的日志存储配置文件。使用命令/bin/logstash-f logstash.conf,我在kibana中插入数据。我没有为此制作其他映射模板。我建议设置索引模板。这不难做到,它们将自动应用。我使用了“ux”,它工作正常。我不知道为什么。所以,我的字段值现在是,4.56_789。虽然这是一个“分析的领域”,但它并没有打破术语。