我是elasticsearch的新手,我正在尝试创建我的第一个索引,但我遇到了之前正在运行的时间戳字段的问题...
我创建了这样的索引:
PUT /kafkasdp
{
"mappings": {
"kafka_logs": {
"properties": {
"timestamp": {
"type": "date"
},
"log_level": {
"type": "string"
},
"message1": {
"type": "string"
},
"message2": {
"type": "string"
}
}
}
}
}
然后我尝试发送这样的数据:
post /kafkasdp/kafka_logs
{
"timestamp": "2017-02-03 19:27:20,606",
"log_level": "INFO",
"message2": "Deleting segment 1 from log omega-replica-sync-dev-8. (kafka.log.Log)"
}
但不断收到此错误:
{
"error": {
"root_cause": [
{
"type": "mapper_parsing_exception",
"reason": "failed to parse [timestamp]"
}
],
"type": "mapper_parsing_exception",
"reason": "failed to parse [timestamp]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Invalid format: \"2017-02-03 19:27:20,606\" is malformed at \" 19:27:20,606\""
}
},
"status": 400
}
我认为我的时间戳是有效的日期类型?
答案 0 :(得分:2)
在Elasticsearch reference上了解日期类型:您应该在文档中指定您期望的日期格式:
input(23)==false由于您没有指定它,Elasticsearch将期望ISO格式的日期值:
PUT your_index_name
{
"mappings": {
"your_index_type": {
"properties": {
"date": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss,SSS"
}
}
}
}
}
(例如yyyyMMdd'T'HHmmss.SSS'Z')