Question

我有一个名为againagain- *的索引，它是由logstash创建的。

curl command

在将配置文件运行到logstash之前

。然而，在完成所有这些步骤之后，我进入了Kibana的Discover选项卡，但是在＃34; Analzyed Fields＆＃34;下，所有字符串仍被视为True。我的映射有问题吗？

P.S我在运行配置文件之前和之后都做到了。

    curl –XPUT http://localhost:5601/againagain -d ‘
{
 "mappings" : {
  "_default_" : {
   "properties" : {
"service" : { "type" : "integer" },
"rule" : { "type" : "integer" },
"ICMP Type" : { "type" : "integer" },
"ICMP Code" : { "type" : "integer" },
"ip_offset" : { "type" : "integer" },
"ip_id" : { "type" : "integer" },
"ip_len" : { "type" : "integer" },
"Confidence Level" : { "type" : "integer" },
"fragments_dropped" : { "type" : "integer" },
"Severity" : { "type" : "integer" },
"serial_num" : { "type" : "integer" },
"during_sec" : { "type" : "integer" },
"Attack info" : {"type": "string", "index" : "not_analyzed" },
"peer gateway" : {"type": "string", "index" : "not_analyzed" },
"SmartDefense Profile" : {"type": "string", "index" : "not_analyzed" },
"FollowUp" : {"type": "string", "index" : "not_analyzed" },
"attack" : {"type": "string", "index" : "not_analyzed" },
"type" : {"type": "string", "index" : "not_analyzed" },
"Performance Impact" : {"type": "string", "index" : "not_analyzed" },
"reject_category" : {"type": "string", "index" : "not_analyzed" },
"action" : {"type": "string", "index" : "not_analyzed" },
"ICMP" : {"type": "string", "index" : "not_analyzed" },
"inzone" : {"type": "string", "index" : "not_analyzed" },
"dn" : {"type": "string", "index" : "not_analyzed" },
"proto" : {"type": "string", "index" : "not_analyzed" },
"dst" : {"type": "string", "index" : "not_analyzed" },
"message_info" : {"type": "string", "index" : "not_analyzed" },
"ICMP" : {"type": "string", "index" : "not_analyzed" },
"Severity" : {"type": "string", "index" : "not_analyzed" },
"rule_uid" : {"type": "string", "index" : "not_analyzed" },
"CookieI" : {"type": "string", "index" : "not_analyzed" },
"interface" : {"type": "string", "index" : "not_analyzed" },
"IKE" : {"type": "string", "index" : "not_analyzed" },
"TCP packet out of state" : {"type": "string", "index" : "not_analyzed" },
"service_id" : {"type": "string", "index" : "not_analyzed" },
"vpn_feature_name" : {"type": "string", "index" : "not_analyzed" },
"Protection Type" : {"type": "string", "index" : "not_analyzed" },
"src" : {"type": "string", "index" : "not_analyzed" },
"ip_len" : {"type": "string", "index" : "not_analyzed" },
"fw_subproduct" : {"type": "string", "index" : "not_analyzed" },
"protection_id" : {"type": "string", "index" : "not_analyzed" },
"Protection Name" : {"type": "string", "index" : "not_analyzed" },
"tcp_flags" : {"type": "string", "index" : "not_analyzed" },
"Internal_CA" : {"type": "string", "index" : "not_analyzed" },
"outzone" : {"type": "string", "index" : "not_analyzed" },
"scheme" : {"type": "string", "index" : "not_analyzed" },
"Reason" : {"type": "string", "index" : "not_analyzed" },
"message" : {"type": "string", "index" : "not_analyzed" },
"product" : {"type": "string", "index" : "not_analyzed" },
"Industry Reference" : {"type": "string", "index" : "not_analyzed" }
   }
  }
 }
}
';

在此命令后，他们在终端中给我的输出是＆lt;。！DOCTYPE html。＆gt;＆lt; .html。＆gt;＆lt; .head。＆gt;＆lt; .title。＆gt;＆lt; .link rel = ＆＃34;样式表＆＃34; href =＆＃34; /styles/main.css"。＆gt;＆lt; ./ head。＆gt;＆lt; .body。＆gt;＆lt; .h1＆gt;未找到＆lt; ./ h1＆gt;＆lt; ./ body ＆GT;＆LT; ./ HTML＆＃34;＆GT; kibana＆＃34;

Answer 1

就像我在评论中所说，你正在尝试将你的映射放在kibana端口（5601）而不是弹性搜索端口（默认情况下为9200）。

  R1.1.1 < R1.1.2 < R1.2.1 < R2.1.1 < R106.2.3

Answer 2

所以你早先提出的问题就是现场。您需要先将索引设为空。所以卷曲你的映射然后使用logstash发送你的数据。我不确定它是否必需，但您可能希望在删除索引时清除elasticsearch中的映射。我之前遇到过同样的问题。可能有更简单的方法，但我只是删除所有内容，放入我的映射，然后导入数据，我一直都很好。

Elasticsearch中的映射错误？

2 个答案: