在索引的位置處有一句很明顯的英文:
This page lists every field in the logstash-* index and the field's associated core type as recorded by Elasticsearch. While this list allows you to view the core type of each field, changing field types must be done using Elasticsearch's Mapping API
如果你想要自定義自己的字段如: 日誌的referrer、domainname、remote_addr request、status 這些web的訪問日誌基本的字段!
你要使用elasticsearch的mapping API
參考:
http://es.xiaoleilu.com/052_Mapping_Analysis/25_Data_type_differences.html
查看映射的命令:
curl -XGET 192.168.100.10:9200/logstash-2016.05.15/_mapping/syslog?pretty
logstash-2016.05.15 是index的名字
syslog是type的名字
第一查看默認的映射:
{
"logstash-2016.05.15" : {
"mappings" : {
"syslog" : {
"_all" : {
"enabled" : true,
"omit_norms" : true
},
"dynamic_templates" : [ {
"message_field" : {
"mapping" : {
"index" : "analyzed",
"omit_norms" : true,
"fielddata" : {
"format" : "disabled"
},
"type" : "string"
},
"match" : "message",
"match_mapping_type" : "string"
}
}, {
"string_fields" : {
"mapping" : {
"index" : "analyzed",
"omit_norms" : true,
"fielddata" : {
"format" : "disabled"
},
"type" : "string",
"fields" : {
"raw" : {
"index" : "not_analyzed",
"ignore_above" : 256,
"doc_values" : true,
"type" : "string"
}
}
},
"match" : "*",
"match_mapping_type" : "string"
}
}, {
"float_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "float"
},
"match" : "*",
"match_mapping_type" : "float"
}
}, {
"double_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "double"
},
"match" : "*",
"match_mapping_type" : "double"
}
}, {
"byte_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "byte"
},
"match" : "*",
"match_mapping_type" : "byte"
}
}, {
"short_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "short"
},
"match" : "*",
"match_mapping_type" : "short"
}
}, {
"integer_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "integer"
},
"match" : "*",
"match_mapping_type" : "integer"
}
}, {
"long_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "long"
},
"match" : "*",
"match_mapping_type" : "long"
}
}, {
"date_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "date"
},
"match" : "*",
"match_mapping_type" : "date"
}
}, {
"geo_point_fields" : {
"mapping" : {
"doc_values" : true,
"type" : "geo_point"
},
"match" : "*",
"match_mapping_type" : "geo_point"
}
} ],
"properties" : {
"@timestamp" : {
"type" : "date",
"format" : "strict_date_optional_time||epoch_millis"
},
"@version" : {
"type" : "string",
"index" : "not_analyzed"
},
"file" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fielddata" : {
"format" : "disabled"
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
},
"geoip" : {
"dynamic" : "true",
"properties" : {
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "float"
}
}
},
"host" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fielddata" : {
"format" : "disabled"
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
},
"message" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fielddata" : {
"format" : "disabled"
}
},
"offset" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fielddata" : {
"format" : "disabled"
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
},
"path" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fielddata" : {
"format" : "disabled"
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
},
"type" : {
"type" : "string",
"norms" : {
"enabled" : false
},
"fielddata" : {
"format" : "disabled"
},
"fields" : {
"raw" : {
"type" : "string",
"index" : "not_analyzed",
"ignore_above" : 256
}
}
}
}
}
}
}
}