我正在尝试使用ELK堆栈。我的Kibana有问题。我的数据中的一个字段是整数类型,但在Kibana上它显示类型为undefined。请在下面找到我正在使用的示例数据。
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 1,
"hits": [
{
"_index": "products",
"_type": "logs",
"_id": "AVivMgCnKd2m9Wr-3jBk",
"_score": 1,
"_source": {
"message": "product10,990\r",
"@version": "1",
"@timestamp": "2016-11-29T08:27:18.792Z",
"path": "/Users/B0079855/Documents/SERVERS/logstash-2.2.2/samples/products.csv",
"host": "LTB0079855-MAC.local",
"product_name": "product10",
"product_price": 990
}
}
]
}
}
Kibana没有将product_price标识为整数。
logstash conf:
input {
file {
path => "{filepath}"
# to read from the beginning of file
start_position => beginning
sincedb_path => "/dev/null"
}
}
filter {
csv {
columns => ["product_name", "product_price"]
}
mutate {
convert => { "product_price" => "integer" }
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "products"
}
stdout { codec => rubydebug }
}
如何使这项工作?
答案 0 :(得分:1)
如果您未使用Mapping映射字段,则可以执行以下操作,以便在创建索引之前创建mapping:
PUT请求:http://yourhost:9200/yourindex
请求身体:
{
"mappings": {
"your_type": { <--- document_type value in logstash conf
"properties": {
"product_price": {
"type": "integer"
}
}
}
}
}
如果没有,您甚至可以使用PUT映射API再次更新索引映射:
curl -XPUT 'http://localhost:9200/your_index/_mapping/your_type' -d '
{
"yout_type" : {
"properties" : {
//your new mapping properties
"product_price": {
"type": "integer"
}
}
}
}'
希望这个SO也有帮助。
修改
在您使用logstash转换它的情况下,您可以尝试将其转换为csv插件之外的内容。尝试在插件中转换它;
filter {
csv {
columns => ["product_name", "product_price"]
mutate {
convert => { "product_price" => "integer" }
}
}
}