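【Posted】: 2015-08-22 01:15:56
【Question】:
I have an index named againagain-* that was created by logstash. I ran a curl command before I ran my config file through logstash. However, after all these steps, I went to the Discover tab in Kibana, but all strings are still shown as True under "Analyzed Fields". Is something wrong with my mapping?
PS I did this both before and after running the config file.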
curl -XPUT http://localhost:5601/againagain -d '
{
"mappings" : {
"_default_" : {
"properties" : {
"service" : { "type" : "integer" },
"rule" : { "type" : "integer" },
"ICMP Type" : { "type" : "integer" },
"ICMP Code" : { "type" : "integer" },
"ip_offset" : { "type" : "integer" },
"ip_id" : { "type" : "integer" },
"ip_len" : { "type" : "integer" },
"Confidence Level" : { "type" : "integer" },
"fragments_dropped" : { "type" : "integer" },
"Severity" : { "type" : "integer" },
"serial_num" : { "type" : "integer" },
"during_sec" : { "type" : "integer" },
"Attack info" : {"type": "string", "index" : "not_analyzed" },
"peer gateway" : {"type": "string", "index" : "not_analyzed" },
"SmartDefense Profile" : {"type": "string", "index" : "not_analyzed" },
"FollowUp" : {"type": "string", "index" : "not_analyzed" },
"attack" : {"type": "string", "index" : "not_analyzed" },
"type" : {"type": "string", "index" : "not_analyzed" },
"Performance Impact" : {"type": "string", "index" : "not_analyzed" },
"reject_category" : {"type": "string", "index" : "not_analyzed" },
"action" : {"type": "string", "index" : "not_analyzed" },
"ICMP" : {"type": "string", "index" : "not_analyzed" },
"inzone" : {"type": "string", "index" : "not_analyzed" },
"dn" : {"type": "string", "index" : "not_analyzed" },
"proto" : {"type": "string", "index" : "not_analyzed" },
"dst" : {"type": "string", "index" : "not_analyzed" },
"message_info" : {"type": "string", "index" : "not_analyzed" },
"ICMP" : {"type": "string", "index" : "not_analyzed" },
"Severity" : {"type": "string", "index" : "not_analyzed" },
"rule_uid" : {"type": "string", "index" : "not_analyzed" },
"CookieI" : {"type": "string", "index" : "not_analyzed" },
"interface" : {"type": "string", "index" : "not_analyzed" },
"IKE" : {"type": "string", "index" : "not_analyzed" },
"TCP packet out of state" : {"type": "string", "index" : "not_analyzed" },
"service_id" : {"type": "string", "index" : "not_analyzed" },
"vpn_feature_name" : {"type": "string", "index" : "not_analyzed" },
"Protection Type" : {"type": "string", "index" : "not_analyzed" },
"src" : {"type": "string", "index" : "not_analyzed" },
"ip_len" : {"type": "string", "index" : "not_analyzed" },
"fw_subproduct" : {"type": "string", "index" : "not_analyzed" },
"protection_id" : {"type": "string", "index" : "not_analyzed" },
"Protection Name" : {"type": "string", "index" : "not_analyzed" },
"tcp_flags" : {"type": "string", "index" : "not_analyzed" },
"Internal_CA" : {"type": "string", "index" : "not_analyzed" },
"outzone" : {"type": "string", "index" : "not_analyzed" },
"scheme" : {"type": "string", "index" : "not_analyzed" },
"Reason" : {"type": "string", "index" : "not_analyzed" },
"message" : {"type": "string", "index" : "not_analyzed" },
"product" : {"type": "string", "index" : "not_analyzed" },
"Industry Reference" : {"type": "string", "index" : "not_analyzed" }
}
}
}
}
';
The output they gave me in the terminal after executing this command was <. html.><.html.><.head.><.title.><.link rel="stylesheet" href="/styles/%20main.css" .><.><.body.><.h1>Not Found<.><.><.>kibana"
【Comments】:
-
You are hitting kibana, not elasticsearch! Try curling your elasticsearch port. The default is 9200
-
Oh, that was silly of me! Do I curl once before running my config file? Or...
-
What? I don't understand what you are trying to do?
-
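I have a logstash config file and some sample data. But after running the config file, the fields of my sample data are treated as analyzed fields, which means strings such as Hello everyone are broken up into Hello and everyone. That is why I mapped my variables to all not_analyzed fields. So the question is whether I should run my config file to upload the data or use the curl command to define the mapping 1st
Tags: elasticsearch mapping logstash kibana-4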