Elasticsearch + Kibana, sorting on uri yields no results. (uri isn't analyzed)

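I have a log of HTTP requests, and one of the fields is the URI field. I want to get the average duration (in milliseconds) for each URI. I set the y-axis in Kibana to "Aggregation: Average , Field: durationInMs"

For the x-axis I have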

"Aggregation: terms, Field uri, Order by: metric average durationInMs, Order: descending: 5"

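This gives me a result, but it doesn't use the whole URI. Instead, it splits the URI and matches parts of it. After a quick Google search I found "Multi-fields", and I added a URI.raw field to my index. The analyzed-field warning disappeared, but I get no results.

Any tips or tricks?

lsc-logs2 mapping: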

{
  "lsc-logs2": {
    "mappings": {
      "httplogentry": {
        "properties": {
          "context": {
            "type": "string"
          },
          "durationInMs": {
            "type": "double"
          },
          "id": {
            "type": "long"
          },
          "method": {
            "type": "string"
          },
          "source": {
            "type": "string"
          },
          "startTime": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "status": {
            "type": "long"
          },
          "uri": {
            "type": "string",
            "fields": {
              "raw": {
                "type": "string",
                "index": "not_analyzed"
              }
            }
          },
          "username": {
            "type": "string"
          },
          "version": {
            "type": "long"
          }
        }
      }
    }
  }
}

Sample document:

{
    "_index": "lsc-logs2",
    "_type": "httplogentry",
    "_id": "1148440",
    "_score": 1,
    "_source": {
        "startTime": "2016-08-22T10:30:57.2298086+02:00",
        "context": "contexturi",
        "method": "GET",
        "uri": "http://uri/plannings/unassigned?date=2016-08-22T03:58:57.168Z&page=1&pageSize=9999",
        "username": "user",
        "source": "192.168.1.82",
        "durationInMs": 171.83710000000002,
        "status": 200,
        "id": 1148440,
        "version": 1
    }
}

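When you reindex the data, the httplogentry mapping is not carried over from lsc-logs to lsc-logs2; you need to create the target index + mapping first, and only then reindex.

First delete the current target index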

curl -XDELETE localhost:9200/lsc-logs2

Then recreate it by specifying the correct mapping

curl -XPUT localhost:9200/lsc-logs2 -d '{
    "mappings": {
      "httplogentry": {
        "properties": {
          "context": {
            "type": "string"
          },
          "durationInMs": {
            "type": "double"
          },
          "id": {
            "type": "long"
          },
          "method": {
            "type": "string"
          },
          "source": {
            "type": "string"
          },
          "startTime": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "status": {
            "type": "long"
          },
          "uri": {
            "type": "string",
            "fields": {
              "raw": {
                "type": "string",
                "index": "not_analyzed"
              }
            }
          },
          "username": {
            "type": "string"
          },
          "version": {
            "type": "long"
          }
        }
      }
    }
}'

Then you can reindex your data:

curl -XPOST localhost:9200/_reindex -d '{
  "source": {
    "index": "lsc-logs"
  },
  "dest": {
    "index": "lsc-logs2"
  }
}'

Then refresh the fields in the index pattern in Kibana, and it should work.
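
The steps above depend on lsc-logs2 actually having the uri.raw sub-field before any documents are copied into it. The following is an added example, not part of the original question or answer: a check over the body returned by GET /lsc-logs2/_mapping, plus the search body for the aggregation the chart needs. The function names and the DYNAMIC sample mapping are constructed for illustration.

```python
# Added example: names and the DYNAMIC sample are constructed for illustration.

# Mapping shape from the page (trimmed to the fields used here).
EXPLICIT = {"lsc-logs2": {"mappings": {"httplogentry": {"properties": {
    "durationInMs": {"type": "double"},
    "uri": {"type": "string",
            "fields": {"raw": {"type": "string", "index": "not_analyzed"}}},
}}}}}

# Constructed: an index whose uri field has no raw sub-field.
DYNAMIC = {"lsc-logs2": {"mappings": {"httplogentry": {"properties": {
    "durationInMs": {"type": "double"},
    "uri": {"type": "string"},
}}}}}


def subfield_status(mapping, index, doc_type, field, sub="raw"):
    """Classify <field>.<sub> in a GET /<index>/_mapping response body."""
    props = (mapping.get(index, {}).get("mappings", {})
             .get(doc_type, {}).get("properties", {}))
    sub_def = props.get(field, {}).get("fields", {}).get(sub)
    if sub_def is None:
        return "missing"        # terms on uri.raw would return no buckets
    if sub_def.get("index") != "not_analyzed":
        return "analyzed"       # terms would bucket on URI fragments
    return "ok"


def avg_duration_by_uri(size=5):
    """Search body for the chart: top URIs by average durationInMs."""
    return {
        "size": 0,  # only the aggregation is needed, no hits
        "aggs": {"by_uri": {
            "terms": {"field": "uri.raw", "size": size,
                      "order": {"avg_duration": "desc"}},
            "aggs": {"avg_duration": {"avg": {"field": "durationInMs"}}},
        }},
    }


if __name__ == "__main__":
    import json
    for name, m in (("explicit", EXPLICIT), ("dynamic", DYNAMIC)):
        print(name, subfield_status(m, "lsc-logs2", "httplogentry", "uri"))
    print(json.dumps(avg_duration_by_uri(), indent=2))
```

The dictionary from avg_duration_by_uri() can be sent as the body of a search request against lsc-logs2 to confirm that the buckets are whole URIs before going back to Kibana.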