I am trying to learn the ELK stack, in which I have started indexing Apache access logs. I have Logstash 1.4.2, Elasticsearch 1.5.1 and Kibana 4.0.2 for Windows. Following are my configuration files. For
curl -XPOST localhost:9200/apache_access?ignore_conflicts=true -d '{
  "settings" : {
    "number_of_shards" : 1
  },
  "mappings" : {
    "apache" : {
      "properties" : {
        "timestamp" : {"type":"date", "format" : "DD/MMM/YYYY:HH:mm:ss" },
        "bytes": {"type": "long"},
        "response":{ "type":"long"},
        "clientip":{ "type": "ip"},
        "geoip" : { "type" : "geo_point"}
      }
    }
  }
}'
and my logstash-apache.conf is
input {
  file {
    path => "D:\data\access_log1.log"
    start_position => beginning
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  geoip {
    source => "clientip"
    target => "geoip"
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" , "ISO8601" ]
  }
}
output {
  elasticsearch {
    host => "localhost"
    protocol => http
    index => "apache_access"
  }
  stdout { codec => rubydebug }
}
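What I am facing is that for the fields to which I applied the mapping in Elasticsearch, i.e. bytes, response and clientip, I am getting a conflict. I understand what is happening, as it says these fields have both string and long as field types. But I do not understand why it is happening, since I have applied the mapping. I would also like to resolve this issue. Any help is appreciated.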
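An added example, not part of the original question: the mapping above is registered under the mapping type "apache", so if Logstash indexes the events under a different type (assumed here to be "logs"), Elasticsearch 1.x maps the same field names dynamically in that second type and the index ends up with two definitions per field. The code compares field types across mapping types in a constructed `_mapping` response; `SAMPLE_MAPPING`, `flatten` and `find_conflicts` are names introduced for this illustration.

```python
import json

# Constructed sample of a `GET /apache_access/_mapping` response (Elasticsearch 1.x shape).
# "apache" copies the mapping from the post; "logs" is an ASSUMED second mapping type
# holding what dynamic mapping would create from grok's string captures.
SAMPLE_MAPPING = json.loads("""
{"apache_access": {"mappings": {
  "apache": {"properties": {
    "timestamp": {"type": "date", "format": "DD/MMM/YYYY:HH:mm:ss"},
    "bytes": {"type": "long"},
    "response": {"type": "long"},
    "clientip": {"type": "ip"},
    "geoip": {"type": "geo_point"}}},
  "logs": {"properties": {
    "timestamp": {"type": "string"},
    "bytes": {"type": "string"},
    "response": {"type": "string"},
    "clientip": {"type": "string"},
    "verb": {"type": "string"},
    "geoip": {"properties": {"country_name": {"type": "string"}}}}}
}}}
""")

def flatten(properties, prefix=""):
    """Yield (dotted field path, type) pairs; object fields recurse into sub-properties."""
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:
            yield path, "object"
            yield from flatten(spec["properties"], path + ".")
        else:
            yield path, spec.get("type", "object")

def find_conflicts(mapping_response):
    """Return {index: {field: {mapping_type: field_type}}} for fields typed differently."""
    report = {}
    for index, body in mapping_response.items():
        seen = {}
        for mapping_type, spec in body.get("mappings", {}).items():
            for field, ftype in flatten(spec.get("properties", {})):
                seen.setdefault(field, {})[mapping_type] = ftype
        conflicts = {f: t for f, t in seen.items() if len(set(t.values())) > 1}
        if conflicts:
            report[index] = conflicts
    return report

if __name__ == "__main__":
    print(json.dumps(find_conflicts(SAMPLE_MAPPING), indent=2, sort_keys=True))
```

Feeding it the real output of `curl localhost:9200/apache_access/_mapping` shows which mapping types actually exist in the index and where their field types disagree.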