Elasticsearch 默认映射嵌套字段
Elasticsearch default mapping nested fields
下午好,
我一直在尝试强制将一个字段设为 geo_point,但该字段驻留在文档中的一个字段中。我正在使用 elasicsearch 1.7 并努力使所有字段匹配,以便我可以升级到 2.3.1。
当前动态创建的映射示例:
{
"index-2016.01.01" : {
"mappings" : {
"document" : {
"properties" : {
"geoip" : {
"properties" : {
"location" : {
"type" : "double"
}
}
}
}
}
}
}
}
现在我有几个具有完全相同结构的文档,我想将其添加到我的默认映射中,以便对于每个新索引,它都被映射为 geo_point。到目前为止,我还没能做到这一点,它只是不断地以双重身份出现。下面是我当前的默认值-mapping.json
{
"_default_" : {
"properties" : {
"level" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"line" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"geoip" : {
"properties" : {
"location" : {
"type" : "geo_point"
}
}
}
}
}
}
如有任何帮助,我们将不胜感激。我尝试将其简化为 location:type:geo_point,我尝试删除中间的其他步骤但无济于事。
这是一个文档示例:
{
"_index": "logstash-2016.04.14",
"_type": "nginx-access",
"_id": "AVQV6PXtpRWl9K_VbKfj",
"_score": null,
"_source": {
"message": "172.16.120.108 - - [14/Apr/2016:12:54:24 -0500] \"GET /center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142 HTTP/1.1\" 200 119 \"https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\" 0.239 \"lwhwms-dev7.corp.good-sam.com\"",
"clientip": "172.16.120.108",
"ident": "-",
"auth": "-",
"verb": "GET",
"request": "/center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142",
"httpversion": "1.1",
"response": "200",
"bytes": 119,
"referer": "https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4",
"agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
"response_time": 0.239,
"server_name": "lwhwms-dev7.corp.good-sam.com",
"env": "dev7",
"host": "moses-web1-dev",
"type": "nginx-access",
"source": "/var/log/nginx/lwhwms-access.log",
"timestamp": "2016-04-14T12:54:24.000-0500",
"parsestamp": "2016-04-14T12:54:27.965-0500",
"application": "lwhwms",
"@version": "1",
"@timestamp": "2016-04-14T17:54:24.000Z",
"geoip": {
"ip": "172.16.120.108",
"country_code2": "US",
"country_code3": "USA",
"country_name": "United States",
"continent_code": "NA",
"city_name": "0010 - National Campus",
"postal_code": "57117",
"latitude": 43.50120000000001,
"longitude": -96.786,
"dma_code": 0,
"area_code": 0,
"location": [
-96.786,
43.50120000000001
]
},
"ua": {
"name": "Chrome",
"os": "Windows 7",
"os_name": "Windows 7",
"device": "Other",
"major": "49",
"minor": "0",
"patch": "2623"
},
"referrer": null
},
"sort": [
1460656464000,
1460656464000
]
}
提前感谢您的帮助。
这是我的最终答案的样子。再次感谢所有回复的人,我希望这对 ELK 世界的其他新手有所帮助。
{
"template_1" : {
"template" : "*",
"mappings" : {
"_default_" : {
"dynamic_templates" : [
{
"geoip-location" : {
"path_match" : "geoip.location",
"mapping" : {
"type" : "geo_point"
}
}
},
{
"geoip-ip" : {
"path_match" : "geoip.ip",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"level-string" : {
"match" : "level",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"line-string" : {
"match" : "line",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
}
]
}
}
}
}
可以使用动态模板吗?
{
"mappings":{
"_default_":{
"dynamic_templates":[
{
"geoip":{
"path_match":"geoip.location",
"mapping":{
"type":"geo_point"
}
}
}
]
}
}
}
您可以将 _default_ 更改为您的索引名称
下午好,
我一直在尝试强制将一个字段设为 geo_point,但该字段驻留在文档中的一个字段中。我正在使用 elasicsearch 1.7 并努力使所有字段匹配,以便我可以升级到 2.3.1。 当前动态创建的映射示例:
{
"index-2016.01.01" : {
"mappings" : {
"document" : {
"properties" : {
"geoip" : {
"properties" : {
"location" : {
"type" : "double"
}
}
}
}
}
}
}
}
现在我有几个具有完全相同结构的文档,我想将其添加到我的默认映射中,以便对于每个新索引,它都被映射为 geo_point。到目前为止,我还没能做到这一点,它只是不断地以双重身份出现。下面是我当前的默认值-mapping.json
{
"_default_" : {
"properties" : {
"level" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"line" : {
"type" : "string",
"norms" : {
"enabled" : false
}
},
"geoip" : {
"properties" : {
"location" : {
"type" : "geo_point"
}
}
}
}
}
}
如有任何帮助,我们将不胜感激。我尝试将其简化为 location:type:geo_point,我尝试删除中间的其他步骤但无济于事。
这是一个文档示例:
{
"_index": "logstash-2016.04.14",
"_type": "nginx-access",
"_id": "AVQV6PXtpRWl9K_VbKfj",
"_score": null,
"_source": {
"message": "172.16.120.108 - - [14/Apr/2016:12:54:24 -0500] \"GET /center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142 HTTP/1.1\" 200 119 \"https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36\" 0.239 \"lwhwms-dev7.corp.good-sam.com\"",
"clientip": "172.16.120.108",
"ident": "-",
"auth": "-",
"verb": "GET",
"request": "/center-unit-service/find-by-building/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4?building=142",
"httpversion": "1.1",
"response": "200",
"bytes": 119,
"referer": "https://lwhwms-dev7.corp.good-sam.com/participant-form/new/LWWSESSID/vdglqit5hod3m7sqvechjbrnn4",
"agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36",
"response_time": 0.239,
"server_name": "lwhwms-dev7.corp.good-sam.com",
"env": "dev7",
"host": "moses-web1-dev",
"type": "nginx-access",
"source": "/var/log/nginx/lwhwms-access.log",
"timestamp": "2016-04-14T12:54:24.000-0500",
"parsestamp": "2016-04-14T12:54:27.965-0500",
"application": "lwhwms",
"@version": "1",
"@timestamp": "2016-04-14T17:54:24.000Z",
"geoip": {
"ip": "172.16.120.108",
"country_code2": "US",
"country_code3": "USA",
"country_name": "United States",
"continent_code": "NA",
"city_name": "0010 - National Campus",
"postal_code": "57117",
"latitude": 43.50120000000001,
"longitude": -96.786,
"dma_code": 0,
"area_code": 0,
"location": [
-96.786,
43.50120000000001
]
},
"ua": {
"name": "Chrome",
"os": "Windows 7",
"os_name": "Windows 7",
"device": "Other",
"major": "49",
"minor": "0",
"patch": "2623"
},
"referrer": null
},
"sort": [
1460656464000,
1460656464000
]
}
提前感谢您的帮助。
这是我的最终答案的样子。再次感谢所有回复的人,我希望这对 ELK 世界的其他新手有所帮助。
{
"template_1" : {
"template" : "*",
"mappings" : {
"_default_" : {
"dynamic_templates" : [
{
"geoip-location" : {
"path_match" : "geoip.location",
"mapping" : {
"type" : "geo_point"
}
}
},
{
"geoip-ip" : {
"path_match" : "geoip.ip",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"level-string" : {
"match" : "level",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
},
{
"line-string" : {
"match" : "line",
"mapping" : {
"type" : "string",
"norms" : { "enabled" : false }
}
}
}
]
}
}
}
}
可以使用动态模板吗?
{
"mappings":{
"_default_":{
"dynamic_templates":[
{
"geoip":{
"path_match":"geoip.location",
"mapping":{
"type":"geo_point"
}
}
}
]
}
}
}
您可以将 _default_ 更改为您的索引名称