无法使用 API 在 Elasticsearch 中创建索引

Unable to create index in Elastic search using API

我正在尝试在 Kibana 开发工具(Dev Tools)中通过 API,使用以下映射在 Elasticsearch 中创建索引。创建索引后,我想使用 reindex API 从已存在的索引中复制文档。

        PUT /ipflow-logs
        {
          "ipflow-logs" : {
            "mappings" : {
              "properties" : {
                "conn_state" : {
                  "type" : "keyword"
                },
                "content_length" : {
                  "type" : "long"
                },
                "content_type" : {
                  "type" : "keyword"
                },
                "createdDate" : {
                  "type" : "keyword"
                },
                "dst_ip" : {
                  "type" : "ip"
                },
                "dst_port" : {
                  "type" : "long"
                },
                "duration" : {
                  "type" : "long"
                },
                "history" : {
                  "type" : "keyword"
                },
                "local_orig" : {
                  "type" : "keyword"
                },
                "missed_bytes" : {
                  "type" : "long"
                },
                "orig_bytes" : {
                  "type" : "long"
                },
                "orig_ip_bytes" : {
                  "type" : "long"
                },
                "orig_pkts" : {
                  "type" : "long"
                },
                "protocol" : {
                  "type" : "keyword"
                },
                "resp_bytes" : {
                  "type" : "long"
                },
                "resp_ip_bytes" : {
                  "type" : "long"
                },
                "resp_pkts" : {
                  "type" : "long"
                },
                "service" : {
                  "type" : "keyword"
                },
                "src_ip" : {
                  "type" : "ip"
                },
                "src_port" : {
                  "type" : "long"
                },
                "timestamp" : {
                  "type" : "date",
                  "format" : "yyyy-MM-dd 'T' HH:mm:ss.SSS"
                },
                "uid" : {
                  "type" : "keyword"
                }
              }
            }
          }
        }

我在尝试创建索引时遇到以下错误。

"type": "parse_exception", "reason": "unknown key [ipflow-logs] for create index", "status": 400

感谢任何帮助。谢谢

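你需要这样做(即 `mappings` 应该位于请求体的顶层,不要再用索引名包一层)。创建索引 API 的请求体顶层只接受 `settings`、`mappings`、`aliases` 这几个键;索引名已经在 URL(`PUT /ipflow-logs`)中给出。问题中带索引名的那层结构看起来是 `GET /ipflow-logs/_mapping` 的返回格式,不能直接当作创建请求使用。另外请注意,`timestamp` 的 `format` 在 `'T'` 前后各有一个空格,只能匹配形如 `2020-01-01 T 12:00:00.000` 的值(此值为构造的示例);如果源索引中的时间戳不是这种写法,reindex 时这些文档会因日期解析失败而无法写入,建议检查 reindex 响应中的 `failures`,以免流量日志被悄悄丢失: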

PUT /ipflow-logs
{
  "mappings": {
    "properties": {
      "conn_state": {
        "type": "keyword"
      },
      "content_length": {
        "type": "long"
      },
      "content_type": {
        "type": "keyword"
      },
      "createdDate": {
        "type": "keyword"
      },
      "dst_ip": {
        "type": "ip"
      },
      "dst_port": {
        "type": "long"
      },
      "duration": {
        "type": "long"
      },
      "history": {
        "type": "keyword"
      },
      "local_orig": {
        "type": "keyword"
      },
      "missed_bytes": {
        "type": "long"
      },
      "orig_bytes": {
        "type": "long"
      },
      "orig_ip_bytes": {
        "type": "long"
      },
      "orig_pkts": {
        "type": "long"
      },
      "protocol": {
        "type": "keyword"
      },
      "resp_bytes": {
        "type": "long"
      },
      "resp_ip_bytes": {
        "type": "long"
      },
      "resp_pkts": {
        "type": "long"
      },
      "service": {
        "type": "keyword"
      },
      "src_ip": {
        "type": "ip"
      },
      "src_port": {
        "type": "long"
      },
      "timestamp": {
        "type": "date",
        "format": "yyyy-MM-dd 'T' HH:mm:ss.SSS"
      },
      "uid": {
        "type": "keyword"
      }
    }
  }
}