在 Elasticsearch 中重建索引
Reindex in Elasticsearch
我已经创建了一个索引模板,现在正尝试根据该索引模板重新索引我的日志。
这是一个日志,例如:
"_score": null,
"_source": {
"@timestamp": "2021-05-25T08:38:36",
"host": "172.18.20.22",
"Level": "Debug",
"events": [
"MessageTemplate": "{TimeoutTransactionLogsCount} transactions have timed-out.",
"Properties": {
"MachineName": "Monitoring",
"Source": "NOC",
"ProcessName": "LogService",
"SourceContext": "LogSvc.TimeoutManager",
"ThreadId": 10,
"TimeoutTransactionLogsCount": 0
}],
"Level": "Debug",
"Timestamp": "2021-05-25T13:07:40.7495940+04:30"
},
如你所见,事件字段是一个数组,它下面的所有内容都是[0]
我想编写一个 reindex API 脚本来指定源和目标,并将事件字段拆分为文档而不是数组。例如,这就是我需要的:
"_score": null,
"_source": {
"@timestamp": "2021-05-25T08:38:36",
"host": "172.18.20.22",
"Level": "Debug",
"events": {
"MessageTemplate": "{TimeoutTransactionLogsCount} transactions have timed-out.",
"Properties": {
"MachineName": "Monitoring",
"Source": "NOC",
"ProcessName": "LogService",
"SourceContext": "LogSvc.TimeoutManager",
"ThreadId": 10,
"TimeoutTransactionLogsCount": 0
}},
"Level": "Debug",
"Timestamp": "2021-05-25T13:07:40.7495940+04:30"
},
如何在开发工具中编写脚本?
POST _reindex
{
"source": {
"index":"testlog-2020.05.03"
},
"dest": {
"index": "testlog-2020.05.03-reindexed"
},
"script": {
"lang": "painless",
"source": "a script for changing `events` array to document..."
}
}
提前致谢
您的脚本可以简单地执行此操作:
POST _reindex
{
"source": {
"index":"testlog-2020.05.03"
},
"dest": {
"index": "testlog-2020.05.03-reindexed"
},
"script": {
"lang": "painless",
"source": "if (ctx._source.events != null) { ctx._source.events = ctx._source.events[0];}"
}
}
我已经创建了一个索引模板,现在正尝试根据该索引模板重新索引我的日志。 这是一个日志,例如:
"_score": null,
"_source": {
"@timestamp": "2021-05-25T08:38:36",
"host": "172.18.20.22",
"Level": "Debug",
"events": [
"MessageTemplate": "{TimeoutTransactionLogsCount} transactions have timed-out.",
"Properties": {
"MachineName": "Monitoring",
"Source": "NOC",
"ProcessName": "LogService",
"SourceContext": "LogSvc.TimeoutManager",
"ThreadId": 10,
"TimeoutTransactionLogsCount": 0
}],
"Level": "Debug",
"Timestamp": "2021-05-25T13:07:40.7495940+04:30"
},
如你所见,事件字段是一个数组,它下面的所有内容都是[0] 我想编写一个 reindex API 脚本来指定源和目标,并将事件字段拆分为文档而不是数组。例如,这就是我需要的:
"_score": null,
"_source": {
"@timestamp": "2021-05-25T08:38:36",
"host": "172.18.20.22",
"Level": "Debug",
"events": {
"MessageTemplate": "{TimeoutTransactionLogsCount} transactions have timed-out.",
"Properties": {
"MachineName": "Monitoring",
"Source": "NOC",
"ProcessName": "LogService",
"SourceContext": "LogSvc.TimeoutManager",
"ThreadId": 10,
"TimeoutTransactionLogsCount": 0
}},
"Level": "Debug",
"Timestamp": "2021-05-25T13:07:40.7495940+04:30"
},
如何在开发工具中编写脚本?
POST _reindex
{
"source": {
"index":"testlog-2020.05.03"
},
"dest": {
"index": "testlog-2020.05.03-reindexed"
},
"script": {
"lang": "painless",
"source": "a script for changing `events` array to document..."
}
}
提前致谢
您的脚本可以简单地执行此操作:
POST _reindex
{
"source": {
"index":"testlog-2020.05.03"
},
"dest": {
"index": "testlog-2020.05.03-reindexed"
},
"script": {
"lang": "painless",
"source": "if (ctx._source.events != null) { ctx._source.events = ctx._source.events[0];}"
}
}