我是Elasticsearch的新手,曾经尝试阅读所有可以找到的文档,但是我正努力了解索引创建的映射行为。
我有AWS CloudWatch通过Lambda订阅将日志从我的应用程序导入ES。
我正在使用Kibana(在AWS上)中的Dev Tools UI与ES进行通信。运行以下PUT命令可让我设置一个新索引。但是,创建的文档没有我在映射中设置的任何字段。
PUT cwl-2018.08.09
{
"settings" : {
"index" : {
"number_of_shards" : 1
}
},
"mappings": {
"test-log-group": {
"_source": {
"enabled": true
},
"properties": {
"level": { "type": "text" },
"message": { "type": "text" },
"logger": { "type": "text" },
"url": { "type": "text" }
}
}
}
}
以下是通过CloudWatch发送给ES的示例文档
{
"_index": "cwl-2018.08.09",
"_type": "test-log-group",
"_id": "34205467001770174210014068820960982481947713872776593408",
"_score": 1,
"_source": {
"time": "2018-08-09 15:49:48.1949",
"level": "INFO",
"message": "Test",
"logger": "Logger",
"applicationName": "WebSite",
"url": "/test",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36",
"controller": "Home",
"action": "Test",
"@id": "34205467001770174210014068820960982481947713872776593408",
"@timestamp": "2018-08-09T14:49:48.195Z",
"@message": """{ "time": "2018-08-09 15:49:48.1949", "level": "INFO", "message": "Test", "logger": "Logger", "applicationName": "WebSite", "url": "\/test", "userAgent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/68.0.3440.84 Safari\/537.36", "controller": "Home", "action": "Test" }""",
"@owner": "751777751431",
"@log_group": "test-log-group",
"@log_stream": "2018/08/09T15.12.19 - 5bb0c1a1-9405-4fc3-98ec-f8c98553f4a8"
}
}
我希望在文档的“ _source”字段之外看到名为“ level”,“ message”,“ logger”和“ url”的字段。
我的地图错误吗?
我是否会误解我应该在文档结构方面创建的内容?