在 ElasticSearch 7 中应用映射
Apply mappings in ElasticSearch 7
我使用 ElasticSearch 6 已经很长时间了,并且设法为我最常用的字段应用了映射。最近,我创建了另一个集群 (v7.7),但无法应用相同的映射,因为 `_default_` 已被弃用。我的映射中有一些嵌套对象。当我用 `_doc` 替换 `_default_` 时,我可以应用映射,但是所有传入 ES 的请求都会被拒绝,并进入 Logstash 死信队列。(我正在使用 Logstash 把应用程序日志发送到 ElasticSearch。)这是我的映射 JSON:
"index_patterns": [
"logstash-*"
],
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "50000"
}
},
"refresh_interval": "5s"
}
},
"mappings": {
"_default_": {
"_all": {
"norms": false
},
"properties": {
"@timestamp": {
"type": "date"
},
"name": {
"ignore_above": 64,
"type": "keyword"
},
"logger": {
"ignore_above": 64,
"type": "keyword"
},
"hostname": {
"ignore_above": 256,
"type": "keyword"
},
"pid": {
"type": "integer"
},
"level": {
"type": "short"
},
"v": {
"type": "short"
},
"env": {
"ignore_above": 64,
"type": "keyword"
},
"service": {
"ignore_above": 256,
"type": "keyword"
},
"message": {
"type": "text"
},
"module": {
"type": "keyword"
},
"subModule": {
"type": "keyword"
},
"docker": {
"properties": {
"container_id": {
"ignore_above": 512,
"type": "keyword"
},
"container_name": {
"ignore_above": 512,
"type": "keyword"
},
"image_id": {
"ignore_above": 512,
"type": "keyword"
},
"image_name": {
"ignore_above": 512,
"type": "keyword"
},
"command": {
"ignore_above": 512,
"type": "keyword"
},
"tag": {
"ignore_above": 512,
"type": "keyword"
},
"created": {
"type": "date"
}
}
},
"data": {
"type": "text"
},
"context": {
"properties": {
"trade": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"trader": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"payment": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"err": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
}
}
}
}
}
}
},
"req": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"remoteAddress": {
"type": "ip"
},
"remotePort": {
"type": "integer"
},
"method": {
"ignore_above": 32,
"type": "keyword"
},
"path": {
"type": "text"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
}
}
},
"res": {
"properties": {
"statusCode": {
"type": "short"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
},
"latency": {
"type": "integer"
}
}
},
"event": {
"properties": {
"eventName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
}
}
},
"task": {
"properties": {
"taskName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
},
"origin": {
"ignore_above": 128,
"type": "keyword"
}
}
}
}
},
"dlq": {
"properties": {
"eventFields": {
"type": "text"
},
"reason": {
"type": "text"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
我想知道如何将其应用于 elasticSearch7?
这是 ElasticSearch 错误:
[o.e.a.a.i.m.p.TransportPutMappingAction] [0c85334cb2d41154383d0174502e13f2] failed to put mappings on indices [[[__PATH__]]], type [logs]
java.lang.IllegalArgumentException: Rejecting mapping update to [logstash-2020.10.02] as the final mapping would have more than 1 type: [_doc, logs]
您必须更新 v7 中不支持的一些字段。
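下面的请求是一个示例,其中已删除或更新了不受支持的字段(注意:`_index_template` 端点自 7.8 起才可用;在问题中的 7.7 集群上需改用旧版 `_template` 端点,且请求体不带外层的 "template" 包装):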
PUT _index_template/template_1
{
"index_patterns": [
"logstash-*"
],
"template": {
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "50000"
}
},
"refresh_interval": "5s"
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"name": {
"ignore_above": 64,
"type": "keyword"
},
"logger": {
"ignore_above": 64,
"type": "keyword"
},
"hostname": {
"ignore_above": 256,
"type": "keyword"
},
"pid": {
"type": "integer"
},
"level": {
"type": "short"
},
"v": {
"type": "short"
},
"env": {
"ignore_above": 64,
"type": "keyword"
},
"service": {
"ignore_above": 256,
"type": "keyword"
},
"message": {
"type": "text"
},
"module": {
"type": "keyword"
},
"subModule": {
"type": "keyword"
},
"docker": {
"properties": {
"container_id": {
"ignore_above": 512,
"type": "keyword"
},
"container_name": {
"ignore_above": 512,
"type": "keyword"
},
"image_id": {
"ignore_above": 512,
"type": "keyword"
},
"image_name": {
"ignore_above": 512,
"type": "keyword"
},
"command": {
"ignore_above": 512,
"type": "keyword"
},
"tag": {
"ignore_above": 512,
"type": "keyword"
},
"created": {
"type": "date"
}
}
},
"data": {
"type": "text"
},
"context": {
"properties": {
"trade": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"trader": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"payment": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"err": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
}
}
}
}
}
}
},
"req": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"remoteAddress": {
"type": "ip"
},
"remotePort": {
"type": "integer"
},
"method": {
"ignore_above": 32,
"type": "keyword"
},
"path": {
"type": "text"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
}
}
},
"res": {
"properties": {
"statusCode": {
"type": "short"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
},
"latency": {
"type": "integer"
}
}
},
"event": {
"properties": {
"eventName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
}
}
},
"task": {
"properties": {
"taskName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
},
"origin": {
"ignore_above": 128,
"type": "keyword"
}
}
}
}
},
"dlq": {
"properties": {
"eventFields": {
"type": "text"
},
"reason": {
"type": "text"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
@YLR给出的答案基本正确,但他提供的映射存在一些解析错误
_all 字段在 6.0 中已弃用:
_all may no longer be enabled for indices created in 6.0+, use a custom field and the mapping copy_to parameter
请参阅此 Elasticsearch documentation,了解更多信息。
Indices created in Elasticsearch 7.0.0 or later no longer accept a `_default_` mapping. Indices created in 6.x will continue to function as before in Elasticsearch 6.x. Types are deprecated in APIs in 7.0, with breaking changes to the index creation, put mapping, get mapping, put template, get template and get field mappings APIs.
修改后的映射为:
{
"index_patterns": [
"logstash-*"
],
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "50000"
}
},
"refresh_interval": "5s"
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"name": {
"ignore_above": 64,
"type": "keyword"
},
"logger": {
"ignore_above": 64,
"type": "keyword"
},
"hostname": {
"ignore_above": 256,
"type": "keyword"
},
"pid": {
"type": "integer"
},
"level": {
"type": "short"
},
"v": {
"type": "short"
},
"env": {
"ignore_above": 64,
"type": "keyword"
},
"service": {
"ignore_above": 256,
"type": "keyword"
},
"message": {
"type": "text"
},
"module": {
"type": "keyword"
},
"subModule": {
"type": "keyword"
},
"docker": {
"properties": {
"container_id": {
"ignore_above": 512,
"type": "keyword"
},
"container_name": {
"ignore_above": 512,
"type": "keyword"
},
"image_id": {
"ignore_above": 512,
"type": "keyword"
},
"image_name": {
"ignore_above": 512,
"type": "keyword"
},
"command": {
"ignore_above": 512,
"type": "keyword"
},
"tag": {
"ignore_above": 512,
"type": "keyword"
},
"created": {
"type": "date"
}
}
},
"data": {
"type": "text"
},
"context": {
"properties": {
"trade": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"trader": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"payment": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"err": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
}
}
}
}
}
}
},
"req": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"remoteAddress": {
"type": "ip"
},
"remotePort": {
"type": "integer"
},
"method": {
"ignore_above": 32,
"type": "keyword"
},
"path": {
"type": "text"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
}
}
},
"res": {
"properties": {
"statusCode": {
"type": "short"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
},
"latency": {
"type": "integer"
}
}
},
"event": {
"properties": {
"eventName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
}
}
},
"task": {
"properties": {
"taskName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
},
"origin": {
"ignore_above": 128,
"type": "keyword"
}
}
}
}
},
"dlq": {
"properties": {
"eventFields": {
"type": "text"
},
"reason": {
"type": "text"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
我找到答案了!
Logstash 以 logs 类型把日志发送到 ElasticSearch。用 logs 替换 `_default_` 解决了这个问题。但是,要在版本 7 中应用映射,您需要使用 PUT /_template/template_1?include_type_name=true(include_type_name 只是 7.x 中的过渡参数,8.0 已将其移除)。
以下示例使用 Elasticsearch 7.0 和 PHP 7.4,在服务器上将数据库表映射到 Elasticsearch 7.0:
<?php
require 'includes/config.php';
require 'includes/connection.php';
require 'vendor/autoload.php';
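/**
 * Copies rows of a database table into the Elasticsearch index "employee"
 * and runs name searches against that index.
 *
 * Relies on names defined outside this class: the Connection class, the
 * ELASTICSEARCH_HOST / ELASTICSEARCH_PORT constants, and the
 * elasticsearch-php client loaded through vendor/autoload.php.
 */
class SearchElastic {
    /** Name of the index every method of this class works on. */
    private const INDEX = 'employee';

    /** Elasticsearch client built in the constructor. */
    private $elasticclient = null;

    /**
     * Database handle returned by Connection::connect().
     * Declared explicitly (it used to be created as a dynamic property) and
     * kept public so existing readers of ->con keep working.
     * NOTE(review): query()/fetch_assoc() are called on it, so it is
     * presumably a mysqli connection — confirm against Connection.
     */
    public $con = null;

    /**
     * Opens the database connection and builds the Elasticsearch client.
     */
    public function __construct(){
        $db = new Connection();
        $this->con = $db->connect();

        // NOTE(review): plain HTTP without credentials — queries and indexed
        // rows travel unencrypted and unauthenticated. That is only
        // acceptable for a node bound to localhost; any other deployment
        // should use an https:// URL and client authentication.
        $elasticUrl = 'http://'.ELASTICSEARCH_HOST.':'.ELASTICSEARCH_PORT;
        $this->elasticclient = Elasticsearch\ClientBuilder::create()
            ->setHosts([$elasticUrl])
            ->build();
    }

    /**
     * Drops the "employee" index if it exists and recreates it with an
     * explicit, typeless mapping.
     *
     * Destructive: every document already in the index is lost.
     */
    public function Mapping(){
        $indices = $this->elasticclient->indices();

        // Deleting a missing index is an error, so only delete what exists
        // (first run, or a previous run that failed half-way).
        if ($indices->exists(['index' => self::INDEX])) {
            $indices->delete(['index' => self::INDEX]);
        }

        // Elasticsearch 7 expects "mappings" directly under the request body
        // with "properties" directly under it: no wrapper key and no type
        // name in between.
        // NOTE(review): the documents indexed below carry an 'id' field, not
        // 'code'; 'id' is therefore mapped dynamically — confirm which name
        // is intended.
        $params = [
            'index' => self::INDEX,
            'body' => [
                'mappings' => [
                    'properties' => [
                        'code' => ['type' => 'integer'],
                        'name' => ['type' => 'text'],
                        'created_at' => ['type' => 'text'],
                        'last_updated' => ['type' => 'text'],
                        'rank' => ['type' => 'integer'],
                    ],
                ],
            ],
        ];
        $indices->create($params);
    }

    /**
     * Full-text search on the "name" field, best nine hits by rank.
     *
     * The search text is passed as a value inside the structured query
     * array, never concatenated into a query string.
     *
     * @param string $query Text to match against "name".
     * @return array 'searchfound' => number of hits returned; 'result' =>
     *               list of the hits' _source documents (key absent when
     *               there are no hits).
     */
    public function Search($query){
        // No 'type' entry: the index is created without a custom type, and
        // naming one here would address a type that does not exist.
        $params = [
            'index' => self::INDEX,
            'body' => [
                'query' => [
                    'match' => ['name' => $query],
                ],
                'size' => 9,
                'sort' => [
                    ['rank' => 'desc'],
                ],
            ],
        ];
        $response = $this->elasticclient->search($params);

        $hits = $response['hits']['hits'];
        $result = array();
        $result['searchfound'] = sizeof($hits);
        foreach ($hits as $position => $hit) {
            $result['result'][$position] = $hit['_source'];
        }
        return $result;
    }

    /**
     * Recreates the index, then indexes the row with id=1.
     *
     * @return bool true when the bulk request reported no item errors.
     */
    public function InsertData(){
        $this->Mapping();
        return $this->bulkIndexRows("SELECT * FROM `table_name` where id=1");
    }

    /**
     * Indexes up to 100 rows, skipping the first row of the result set.
     *
     * @return bool true when the bulk request reported no item errors.
     */
    public function UpdateData(){
        return $this->bulkIndexRows("SELECT * FROM `table_name` limit 1, 100");
    }

    /**
     * Runs a fixed SQL statement and bulk-indexes every returned row.
     *
     * @param string $sql Constant SQL text; must not contain caller input.
     * @return bool true when nothing had to be indexed or no item failed.
     */
    private function bulkIndexRows($sql){
        $rows = $this->con->query($sql);
        if ($rows === false) {
            // Keep driver details out of the message; they may end up in a
            // response or a shared log.
            throw new \RuntimeException('Database query failed');
        }

        $params = ['body' => []];
        while ($row = $rows->fetch_assoc()) {
            // Action line. No '_type': sending a custom type to a typeless
            // index is rejected with "more than 1 type".
            $params['body'][] = [
                'index' => [
                    '_index' => self::INDEX,
                    '_id' => $row['id'],
                ],
            ];
            // Document line.
            $params['body'][] = [
                'id' => $row['id'],
                'name' => $row['name'],
                'created_at' => $row['created_at'],
                'last_updated' => $row['last_updated'],
                'rank' => $row['rank'],
            ];
        }

        // An empty bulk body is an error on the server side; nothing to do.
        if ($params['body'] === []) {
            return true;
        }

        $responses = $this->elasticclient->bulk($params);
        // The bulk API answers 200 even when single items fail; the
        // top-level 'errors' flag is the only reliable signal.
        return empty($responses['errors']);
    }
}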
?>
我使用 ElasticSearch 6 已经很长时间了,并且设法为我最常用的字段应用了映射。最近,我创建了另一个集群 (v7.7),但无法应用相同的映射,因为 `_default_` 已被弃用。我的映射中有一些嵌套对象。当我用 `_doc` 替换 `_default_` 时,我可以应用映射,但是所有传入 ES 的请求都会被拒绝,并进入 Logstash 死信队列。(我正在使用 Logstash 把应用程序日志发送到 ElasticSearch。)这是我的映射 JSON:
"index_patterns": [
"logstash-*"
],
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "50000"
}
},
"refresh_interval": "5s"
}
},
"mappings": {
"_default_": {
"_all": {
"norms": false
},
"properties": {
"@timestamp": {
"type": "date"
},
"name": {
"ignore_above": 64,
"type": "keyword"
},
"logger": {
"ignore_above": 64,
"type": "keyword"
},
"hostname": {
"ignore_above": 256,
"type": "keyword"
},
"pid": {
"type": "integer"
},
"level": {
"type": "short"
},
"v": {
"type": "short"
},
"env": {
"ignore_above": 64,
"type": "keyword"
},
"service": {
"ignore_above": 256,
"type": "keyword"
},
"message": {
"type": "text"
},
"module": {
"type": "keyword"
},
"subModule": {
"type": "keyword"
},
"docker": {
"properties": {
"container_id": {
"ignore_above": 512,
"type": "keyword"
},
"container_name": {
"ignore_above": 512,
"type": "keyword"
},
"image_id": {
"ignore_above": 512,
"type": "keyword"
},
"image_name": {
"ignore_above": 512,
"type": "keyword"
},
"command": {
"ignore_above": 512,
"type": "keyword"
},
"tag": {
"ignore_above": 512,
"type": "keyword"
},
"created": {
"type": "date"
}
}
},
"data": {
"type": "text"
},
"context": {
"properties": {
"trade": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"trader": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"payment": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"err": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
}
}
}
}
}
}
},
"req": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"remoteAddress": {
"type": "ip"
},
"remotePort": {
"type": "integer"
},
"method": {
"ignore_above": 32,
"type": "keyword"
},
"path": {
"type": "text"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
}
}
},
"res": {
"properties": {
"statusCode": {
"type": "short"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
},
"latency": {
"type": "integer"
}
}
},
"event": {
"properties": {
"eventName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
}
}
},
"task": {
"properties": {
"taskName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
},
"origin": {
"ignore_above": 128,
"type": "keyword"
}
}
}
}
},
"dlq": {
"properties": {
"eventFields": {
"type": "text"
},
"reason": {
"type": "text"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
我想知道如何将其应用于 elasticSearch7?
这是 ElasticSearch 错误:
[o.e.a.a.i.m.p.TransportPutMappingAction] [0c85334cb2d41154383d0174502e13f2] failed to put mappings on indices [[[__PATH__]]], type [logs]
java.lang.IllegalArgumentException: Rejecting mapping update to [logstash-2020.10.02] as the final mapping would have more than 1 type: [_doc, logs]
您必须更新 v7 中不支持的一些字段。
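下面的请求是一个示例,其中已删除或更新了不受支持的字段(注意:`_index_template` 端点自 7.8 起才可用;在问题中的 7.7 集群上需改用旧版 `_template` 端点,且请求体不带外层的 "template" 包装):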
PUT _index_template/template_1
{
"index_patterns": [
"logstash-*"
],
"template": {
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "50000"
}
},
"refresh_interval": "5s"
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"name": {
"ignore_above": 64,
"type": "keyword"
},
"logger": {
"ignore_above": 64,
"type": "keyword"
},
"hostname": {
"ignore_above": 256,
"type": "keyword"
},
"pid": {
"type": "integer"
},
"level": {
"type": "short"
},
"v": {
"type": "short"
},
"env": {
"ignore_above": 64,
"type": "keyword"
},
"service": {
"ignore_above": 256,
"type": "keyword"
},
"message": {
"type": "text"
},
"module": {
"type": "keyword"
},
"subModule": {
"type": "keyword"
},
"docker": {
"properties": {
"container_id": {
"ignore_above": 512,
"type": "keyword"
},
"container_name": {
"ignore_above": 512,
"type": "keyword"
},
"image_id": {
"ignore_above": 512,
"type": "keyword"
},
"image_name": {
"ignore_above": 512,
"type": "keyword"
},
"command": {
"ignore_above": 512,
"type": "keyword"
},
"tag": {
"ignore_above": 512,
"type": "keyword"
},
"created": {
"type": "date"
}
}
},
"data": {
"type": "text"
},
"context": {
"properties": {
"trade": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"trader": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"payment": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"err": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
}
}
}
}
}
}
},
"req": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"remoteAddress": {
"type": "ip"
},
"remotePort": {
"type": "integer"
},
"method": {
"ignore_above": 32,
"type": "keyword"
},
"path": {
"type": "text"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
}
}
},
"res": {
"properties": {
"statusCode": {
"type": "short"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
},
"latency": {
"type": "integer"
}
}
},
"event": {
"properties": {
"eventName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
}
}
},
"task": {
"properties": {
"taskName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
},
"origin": {
"ignore_above": 128,
"type": "keyword"
}
}
}
}
},
"dlq": {
"properties": {
"eventFields": {
"type": "text"
},
"reason": {
"type": "text"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
}
}
@YLR给出的答案基本正确,但他提供的映射存在一些解析错误
_all 字段在 6.0 中已弃用:
_all may no longer be enabled for indices created in 6.0+, use a custom field and the mapping copy_to parameter
请参阅此 Elasticsearch documentation,了解更多信息。
Indices created in Elasticsearch 7.0.0 or later no longer accept a `_default_` mapping. Indices created in 6.x will continue to function as before in Elasticsearch 6.x. Types are deprecated in APIs in 7.0, with breaking changes to the index creation, put mapping, get mapping, put template, get template and get field mappings APIs.
修改后的映射为:
{
"index_patterns": [
"logstash-*"
],
"settings": {
"index": {
"mapping": {
"total_fields": {
"limit": "50000"
}
},
"refresh_interval": "5s"
}
},
"mappings": {
"properties": {
"@timestamp": {
"type": "date"
},
"name": {
"ignore_above": 64,
"type": "keyword"
},
"logger": {
"ignore_above": 64,
"type": "keyword"
},
"hostname": {
"ignore_above": 256,
"type": "keyword"
},
"pid": {
"type": "integer"
},
"level": {
"type": "short"
},
"v": {
"type": "short"
},
"env": {
"ignore_above": 64,
"type": "keyword"
},
"service": {
"ignore_above": 256,
"type": "keyword"
},
"message": {
"type": "text"
},
"module": {
"type": "keyword"
},
"subModule": {
"type": "keyword"
},
"docker": {
"properties": {
"container_id": {
"ignore_above": 512,
"type": "keyword"
},
"container_name": {
"ignore_above": 512,
"type": "keyword"
},
"image_id": {
"ignore_above": 512,
"type": "keyword"
},
"image_name": {
"ignore_above": 512,
"type": "keyword"
},
"command": {
"ignore_above": 512,
"type": "keyword"
},
"tag": {
"ignore_above": 512,
"type": "keyword"
},
"created": {
"type": "date"
}
}
},
"data": {
"type": "text"
},
"context": {
"properties": {
"trade": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"trader": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"email": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"payment": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
}
}
},
"err": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
},
"cause": {
"properties": {
"message": {
"type": "text"
},
"name": {
"ignore_above": 256,
"type": "keyword"
},
"stack": {
"type": "text"
},
"code": {
"ignore_above": 256,
"type": "keyword"
},
"file": {
"ignore_above": 256,
"type": "keyword"
},
"line": {
"type": "integer"
}
}
}
}
}
}
},
"req": {
"properties": {
"id": {
"ignore_above": 64,
"type": "keyword"
},
"remoteAddress": {
"type": "ip"
},
"remotePort": {
"type": "integer"
},
"method": {
"ignore_above": 32,
"type": "keyword"
},
"path": {
"type": "text"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
}
}
},
"res": {
"properties": {
"statusCode": {
"type": "short"
},
"body": {
"type": "text"
},
"bodyLength": {
"type": "integer"
},
"headers": {
"type": "text"
},
"latency": {
"type": "integer"
}
}
},
"event": {
"properties": {
"eventName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
}
}
},
"task": {
"properties": {
"taskName": {
"ignore_above": 256,
"type": "keyword"
},
"context": {
"type": "text"
},
"uuid": {
"ignore_above": 64,
"type": "keyword"
},
"time": {
"type": "long"
},
"attempts": {
"type": "short"
},
"origin": {
"ignore_above": 128,
"type": "keyword"
}
}
}
}
},
"dlq": {
"properties": {
"eventFields": {
"type": "text"
},
"reason": {
"type": "text"
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
},
"type": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
我找到答案了!
Logstash 以 logs 类型把日志发送到 ElasticSearch。用 logs 替换 `_default_` 解决了这个问题。但是,要在版本 7 中应用映射,您需要使用 PUT /_template/template_1?include_type_name=true(include_type_name 只是 7.x 中的过渡参数,8.0 已将其移除)。
以下示例使用 Elasticsearch 7.0 和 PHP 7.4,在服务器上将数据库表映射到 Elasticsearch 7.0:
<?php
require 'includes/config.php';
require 'includes/connection.php';
require 'vendor/autoload.php';
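/**
 * Copies rows of a database table into the Elasticsearch index "employee"
 * and runs name searches against that index.
 *
 * Relies on names defined outside this class: the Connection class, the
 * ELASTICSEARCH_HOST / ELASTICSEARCH_PORT constants, and the
 * elasticsearch-php client loaded through vendor/autoload.php.
 */
class SearchElastic {
    /** Name of the index every method of this class works on. */
    private const INDEX = 'employee';

    /** Elasticsearch client built in the constructor. */
    private $elasticclient = null;

    /**
     * Database handle returned by Connection::connect().
     * Declared explicitly (it used to be created as a dynamic property) and
     * kept public so existing readers of ->con keep working.
     * NOTE(review): query()/fetch_assoc() are called on it, so it is
     * presumably a mysqli connection — confirm against Connection.
     */
    public $con = null;

    /**
     * Opens the database connection and builds the Elasticsearch client.
     */
    public function __construct(){
        $db = new Connection();
        $this->con = $db->connect();

        // NOTE(review): plain HTTP without credentials — queries and indexed
        // rows travel unencrypted and unauthenticated. That is only
        // acceptable for a node bound to localhost; any other deployment
        // should use an https:// URL and client authentication.
        $elasticUrl = 'http://'.ELASTICSEARCH_HOST.':'.ELASTICSEARCH_PORT;
        $this->elasticclient = Elasticsearch\ClientBuilder::create()
            ->setHosts([$elasticUrl])
            ->build();
    }

    /**
     * Drops the "employee" index if it exists and recreates it with an
     * explicit, typeless mapping.
     *
     * Destructive: every document already in the index is lost.
     */
    public function Mapping(){
        $indices = $this->elasticclient->indices();

        // Deleting a missing index is an error, so only delete what exists
        // (first run, or a previous run that failed half-way).
        if ($indices->exists(['index' => self::INDEX])) {
            $indices->delete(['index' => self::INDEX]);
        }

        // Elasticsearch 7 expects "mappings" directly under the request body
        // with "properties" directly under it: no wrapper key and no type
        // name in between.
        // NOTE(review): the documents indexed below carry an 'id' field, not
        // 'code'; 'id' is therefore mapped dynamically — confirm which name
        // is intended.
        $params = [
            'index' => self::INDEX,
            'body' => [
                'mappings' => [
                    'properties' => [
                        'code' => ['type' => 'integer'],
                        'name' => ['type' => 'text'],
                        'created_at' => ['type' => 'text'],
                        'last_updated' => ['type' => 'text'],
                        'rank' => ['type' => 'integer'],
                    ],
                ],
            ],
        ];
        $indices->create($params);
    }

    /**
     * Full-text search on the "name" field, best nine hits by rank.
     *
     * The search text is passed as a value inside the structured query
     * array, never concatenated into a query string.
     *
     * @param string $query Text to match against "name".
     * @return array 'searchfound' => number of hits returned; 'result' =>
     *               list of the hits' _source documents (key absent when
     *               there are no hits).
     */
    public function Search($query){
        // No 'type' entry: the index is created without a custom type, and
        // naming one here would address a type that does not exist.
        $params = [
            'index' => self::INDEX,
            'body' => [
                'query' => [
                    'match' => ['name' => $query],
                ],
                'size' => 9,
                'sort' => [
                    ['rank' => 'desc'],
                ],
            ],
        ];
        $response = $this->elasticclient->search($params);

        $hits = $response['hits']['hits'];
        $result = array();
        $result['searchfound'] = sizeof($hits);
        foreach ($hits as $position => $hit) {
            $result['result'][$position] = $hit['_source'];
        }
        return $result;
    }

    /**
     * Recreates the index, then indexes the row with id=1.
     *
     * @return bool true when the bulk request reported no item errors.
     */
    public function InsertData(){
        $this->Mapping();
        return $this->bulkIndexRows("SELECT * FROM `table_name` where id=1");
    }

    /**
     * Indexes up to 100 rows, skipping the first row of the result set.
     *
     * @return bool true when the bulk request reported no item errors.
     */
    public function UpdateData(){
        return $this->bulkIndexRows("SELECT * FROM `table_name` limit 1, 100");
    }

    /**
     * Runs a fixed SQL statement and bulk-indexes every returned row.
     *
     * @param string $sql Constant SQL text; must not contain caller input.
     * @return bool true when nothing had to be indexed or no item failed.
     */
    private function bulkIndexRows($sql){
        $rows = $this->con->query($sql);
        if ($rows === false) {
            // Keep driver details out of the message; they may end up in a
            // response or a shared log.
            throw new \RuntimeException('Database query failed');
        }

        $params = ['body' => []];
        while ($row = $rows->fetch_assoc()) {
            // Action line. No '_type': sending a custom type to a typeless
            // index is rejected with "more than 1 type".
            $params['body'][] = [
                'index' => [
                    '_index' => self::INDEX,
                    '_id' => $row['id'],
                ],
            ];
            // Document line.
            $params['body'][] = [
                'id' => $row['id'],
                'name' => $row['name'],
                'created_at' => $row['created_at'],
                'last_updated' => $row['last_updated'],
                'rank' => $row['rank'],
            ];
        }

        // An empty bulk body is an error on the server side; nothing to do.
        if ($params['body'] === []) {
            return true;
        }

        $responses = $this->elasticclient->bulk($params);
        // The bulk API answers 200 even when single items fail; the
        // top-level 'errors' flag is the only reliable signal.
        return empty($responses['errors']);
    }
}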
?>