I am trying to set up ELK to work with my PaloAlto firewall, but I am stuck on the mapping. I have the following code:
    "mappings":{
      "_default_":{
        "_all":{
          "enabled":true
        },
        "dynamic_templates":[
          {
            "message_field":{
              "match":"message",
              "match_mapping_type":"string",
              "mapping":{
                "type":"string",
                "index":"analyzed",
                "omit_norms":true
              }
            }
          },
          {
            "string_fields":{
              "match":"*",
              "match_mapping_type":"string",
              "mapping":{
                "type":"string",
                "index":"analyzed",
                "omit_norms":true,
                "fields":{
                  "raw":{
                    "type":"string",
                    "index":"not_analyzed",
                    "ignore_above":256
                  }
                }
              }
            }
          }
        ],
        "properties":{
          "@version":{
            "type":"string",
            "index":"not_analyzed"
          },
          "geoip":{
            "type":"object",
            "dynamic":true,
            "path":"full",
            "properties":{
              "location":{
                "type":"geo_point",
                "lat_lon":true,
                "geohash":true
              }
            }
          },
As I saw in the official documentation https://www.elastic.co/guide/en/elasticsearch/reference/2.1/lat-lon.html, you can set the param lat_lon to true to specify that its values should be indexed as numeric fields.
But I get this error:
    {
      "error" : {
        "root_cause" : [
          {
            "type" : "mapper_parsing_exception",
            "reason" : "Mapping definition for [location] has unsupported parameters: [geohash : true] [lat_lon : true]"
          }
        ],
        "type" : "mapper_parsing_exception",
        "reason" : "Failed to parse mapping [_default_]: Mapping definition for [location] has unsupported parameters: [geohash : true] [lat_lon : true]",
        "caused_by" : {
          "type" : "mapper_parsing_exception",
          "reason" : "Mapping definition for [location] has unsupported parameters: [geohash : true] [lat_lon : true]"
        }
      },
      "status" : 400
    }
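What am I doing wrong?
Answer 0: (score: 0)
Try removing the lat_lon and geohash properties. In the current elasticsearch version (5.2), these properties are not supported.
The following should do the trick: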
    "geoip":{
      "dynamic":true,
      "properties":{
        "location":{
          "type":"geo_point"
        }
      }
    }
Reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/geo-point.html
(If your documentation link suggests you are running 2.1, then feel free to ignore my answer)
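One way to apply the answer's fix to every geo_point field in a template rather than by hand, as an added example that is not part of the original question or answer. The function name `strip_geo_point_params` and the sample document are constructed for illustration; only the two parameters named in the error are removed, and every other key is left untouched and unvalidated.

```python
import copy
import json

# The two parameters the error message and the answer report as unsupported on geo_point.
UNSUPPORTED_GEO_POINT_PARAMS = ("lat_lon", "geohash")


def strip_geo_point_params(mappings):
    """Return (cleaned_copy, removed); removed lists 'field.path: param' strings."""
    cleaned = copy.deepcopy(mappings)  # never mutate the caller's template
    removed = []

    def walk(properties, prefix):
        for name, field in properties.items():
            if not isinstance(field, dict):
                continue
            path = f"{prefix}.{name}"
            if field.get("type") == "geo_point":
                for param in UNSUPPORTED_GEO_POINT_PARAMS:
                    if param in field:
                        del field[param]
                        removed.append(f"{path}: {param}")
            if isinstance(field.get("properties"), dict):  # object fields nest children
                walk(field["properties"], path)

    for type_name, type_mapping in cleaned.items():
        if isinstance(type_mapping, dict) and isinstance(type_mapping.get("properties"), dict):
            walk(type_mapping["properties"], type_name)
    return cleaned, removed


# Constructed sample: the "properties" part of the question's mapping, closed so it parses.
SAMPLE_MAPPINGS = {
    "_default_": {"properties": {
        "@version": {"type": "string", "index": "not_analyzed"},
        "geoip": {
            "type": "object", "dynamic": True, "path": "full",
            "properties": {"location": {"type": "geo_point", "lat_lon": True, "geohash": True}},
        },
    }}
}


if __name__ == "__main__":
    fixed, report = strip_geo_point_params(SAMPLE_MAPPINGS)
    print("\n".join(report))
    print(json.dumps(fixed, indent=2))
```

The returned report makes it easy to review which fields were changed before the template is uploaded again.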