Importing a JSON file from Ntopng into the ELK stack

Time: 2017-06-01 08:17:56

Tags: json elasticsearch logstash kibana elastic-stack

I am trying to import a JSON file from Ntopng into the ELK stack, but I don't know how to create the index.

This is a single record from the JSON file:

    {
      "mac_address": "01:52:22:AE:73:1A",
      "seen.last": 1496621633,
      "asn": 11100,
      "symbolic_name": "abc.def.com",
      "asname": "test",
      "ip": { "ipVersion": 4, "localHost": false, "ip": "109.256.51.0" },
      "localHost": false,
      "systemHost": false,
      "tcp_sent": { "packets": 0, "bytes": 0 },
      "tcp_rcvd": { "packets": 42, "bytes": 4323 },
      "udp_sent": { "packets": 0, "bytes": 0 },
      "udp_rcvd": { "packets": 468, "bytes": 72142 },
      "icmp_sent": { "packets": 0, "bytes": 0 },
      "icmp_rcvd": { "packets": 0, "bytes": 0 },
      "other_ip_sent": { "packets": 0, "bytes": 0 },
      "other_ip_rcvd": { "packets": 0, "bytes": 0 },
      "pktStats.sent": { },
      "pktStats.recv": { "upTo128": 33, "upTo256": 943, "upTo512": 2 },
      "throughput_bps": 0,
      "throughput_trend_bps": "Stable",
      "throughput_pps": 0,
      "throughput_trend_pps": "Stable",
      "flows.as_client": 0,
      "flows.as_server": 6,
      "num_alerts": 5,
      "sent": { "packets": 0, "bytes": 0 },
      "rcvd": { "packets": 510, "bytes": 76465 },
      "ndpiStats": {
        "Unknown": { "bytes": { "sent": 0, "rcvd": 72142 }, "packets": { "sent": 0, "rcvd": 468 } },
        "HTTP": { "bytes": { "sent": 0, "rcvd": 1521 }, "packets": { "sent": 0, "rcvd": 18 } },
        "SSL": { "bytes": { "sent": 0, "rcvd": 2802 }, "packets": { "sent": 0, "rcvd": 24 } }
      }
    }

I tried to create an index like this:

    {
      "mappings": {
        "_default_": {
          "properties": {
            "mac_address": { "type": "keyword" },
            "seen.last": { "type": "integer" },
            "asn": { "type": "integer" },
            "symbolic_name": { "type": "keyword" },
            "asname": { "type": "keyword" },
            "ipVersion": { "type": "integer" },
            "localHost": { "type": "keyword" },
            "ip": { "type": "keyword" },
            ....  ....
          }
        }
      }
    }

But it doesn't work. Is it perhaps because this is required?

{"index":{"_index":"test","_type":"act","_id":0}}

0 answers:

No answers
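As an added example (not code from the question or from Ntopng), the Python below builds the two pieces the question is missing: an index mapping derived from the record, and the NDJSON body of a `_bulk` request with an action line in front of each document, in the `_index`/`_type` form the question uses. It flattens nested objects into dotted paths so every field ends up with one scalar type (in the record above `ip` is an object, which a `keyword` mapping for `ip` would reject), drops empty objects such as `pktStats.sent`, and uses the host's `mac_address` as the document `_id`; the trimmed sample record and the choice of `_id` are assumptions of this example.

```python
import json

# Constructed sample: a trimmed Ntopng host record with the same shape as the one in the question.
SAMPLE_HOST = {
    "mac_address": "01:52:22:AE:73:1A",
    "seen.last": 1496621633,
    "asn": 11100,
    "ip": {"ipVersion": 4, "localHost": False, "ip": "109.256.51.0"},
    "tcp_rcvd": {"packets": 42, "bytes": 4323},
    "pktStats.sent": {},
    "throughput_trend_bps": "Stable",
    "ndpiStats": {"HTTP": {"bytes": {"sent": 0, "rcvd": 1521}}},
}

# Python scalar type -> Elasticsearch field type. type() is used (not isinstance) so bool is not read as int.
ES_TYPES = {bool: "boolean", int: "long", float: "double", str: "keyword"}


def flatten(obj, prefix=""):
    """Flatten nested dicts into one level of dotted keys; empty objects are dropped.
    Keys that already contain dots (e.g. 'seen.last') are kept verbatim, which is the
    same path Elasticsearch would build from a nested object."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def build_mapping(flat_doc, type_name="act"):
    """Derive a mapping from a flattened document; 'seen.last' is mapped as an epoch-seconds date."""
    props = {}
    for field, value in flat_doc.items():
        if field == "seen.last":
            props[field] = {"type": "date", "format": "epoch_second"}
        else:
            props[field] = {"type": ES_TYPES[type(value)]}
    return {"mappings": {type_name: {"properties": props}}}


def bulk_lines(hosts, index="test", type_name="act"):
    """Build the NDJSON body of a _bulk request: one action line, then the flattened document."""
    lines = []
    for host in hosts:
        flat = flatten(host)
        # Assumption of this example: the MAC address identifies the host, so re-imports update in place.
        action = {"index": {"_index": index, "_type": type_name, "_id": flat["mac_address"]}}
        lines.append(json.dumps(action))
        lines.append(json.dumps(flat))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline
```

Send `build_mapping(flatten(record))` to `PUT /test` once, then `bulk_lines(records)` to `POST /_bulk` with `Content-Type: application/x-ndjson`.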