新建mapping

新建索引: PUT logstash-redis-log-2017.12

PUT logstash-redis-log-2017.12/_mapping/redis-log
 {       "properties" : {
          "@timestamp" : {
            "type" "date"
          },
          "@version" : {
            "type" "text",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "Query" : {
            "type" "text",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "Rt" : {
            "type" "long",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "dest_ip" : {
            "type" "text",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "dest_port" : {
            "type" "text",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "kafka" : {
            "properties" : {
              "consumer_group" : {
                "type" "text",
                "fields" : {
                  "keyword" : {
                    "type" "keyword",
                    "ignore_above" : 256
                  }
                }
              },
              "offset" : {
                "type" "long"
              },
              "partition" : {
                "type" "long"
              },
              "topic" : {
                "type" "text",
                "fields" : {
                  "keyword" : {
                    "type" "keyword",
                    "ignore_above" : 256
                  }
                }
              }
            }
          },
          "message" : {
            "type" "text",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "request_len" : {
            "type" "long",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "request_ts" : {
            "type" "long",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "response_len" : {
            "type" "long",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          },
          "souce_ip" : {
            "type" "text",
            "fields" : {
              "keyword" : {
                "type" "keyword",
                "ignore_above" : 256
              }
            }
          }
        }
}

新建索引: PUT logstash-iis-log-2017.12

PUT logstash-iis-log-2017.12/_mapping/iis-log
{
        "properties": {
          "@timestamp": {
            "type""date"
          },
          "@version": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "c-ip": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-bytes": {
            "type""long",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-host": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-method": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-uri-query": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-uri-stem": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "kafka": {
            "properties": {
              "consumer_group": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "offset": {
                "type""long"
              },
              "partition": {
                "type""long"
              },
              "topic": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              }
            }
          },
          "message": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "s-ip": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "s-port": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-bytes": {
            "type""long",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-status": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-substatus": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-win32-status": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "tags": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "time-taken": {
            "type""long",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "timestamp": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "type": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          }
        }
}

 

新建template

 Collapse source
PUT _template/logstash-iislog
{
  "template" "logstash-iislog-*",
  "settings" : {
    "index.refresh_interval" "5s"
  },
  "mappings" : {
    "iislog" : {
       "dynamic_templates" : [ {
         "string_fields" : {
           "match" "*",
           "match_mapping_type" "string",
           "mapping" : {
             "type" "string""index" "not_analyzed""omit_norms" true
           }
         }
       } ],
        "properties": {
          "@timestamp": {
            "type""date"
          },
          "@version": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "c-ip": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-bytes": {
            "type""long",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-host": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-method": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-uri-query": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "cs-uri-stem": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "kafka": {
            "properties": {
              "consumer_group": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "offset": {
                "type""long"
              },
              "partition": {
                "type""long"
              },
              "topic": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              }
            }
          },
          "message": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "s-ip": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "s-port": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-bytes": {
            "type""long",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-status": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-substatus": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "sc-win32-status": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "tags": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "time-taken": {
            "type""long",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "timestamp": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "type": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          }
         }
       }
    }
  }

iis字段全选:

 Collapse source
PUT _template/logstash-iis-ex
{
  "template" "logstash-iis-ex-*",
  "settings" : {
    "index.refresh_interval" "5s"
  },
  "mappings" : {
    "iis-ex" : {
       "dynamic_templates" : [ {
         "string_fields" : {
           "match" "*",
           "match_mapping_type" "string",
           "mapping" : {
             "type" "string""index" "not_analyzed""omit_norms" true
           }
         }
       } ],
    "properties": {"cs-method": {"type""text",
       "fields": {"keyword": {"ignore_above": 256,
       "type""keyword"
 
}
 
}
 
},
"cs-uri-stem": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"cs-uri-query": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"sc-substatus": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"s-computername": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"cs-username": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"type": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"sc-win32-status": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"cs-host": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"cs-version": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"@version": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"timestamp": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"s-sitename": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"cs-bytes": {"type""long",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"message": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"tags": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"time-taken": {"type""long",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"cs": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"@timestamp": {"type""date"
 
},
"s": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"s-ip": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"kafka": {"properties": {"consumer_group": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"partition": {"type""long"
 
},
"offset": {"type""long"
 
},
"topic": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
}
 
}
 
},
"s-port": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"sc-bytes": {"type""long",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
},
"c-ip": {"type""text",
"fields": {"keyword": {"ignore_above": 256,
"type""keyword"
 
}
 
}
 
}
 
}
 
}
 
}
  }

elasticsearch-template.json

 Collapse source
{
  "template" "logstash-iis-log-*",
  "settings" : {
    "index.refresh_interval" "5s"
  },
  "mappings" : {
    "iis-log" : {
       "dynamic_templates" : [ {
         "string_fields" : {
           "match" "*",
           "match_mapping_type" "string",
           "mapping" : {
             "type" "string""index" "not_analyzed""omit_norms" true
           }
         }
       } ],
"properties": {
"cs-method": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"s-sitename": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"cs-uri-stem": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"cs-bytes": {
"type""long",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"cs-uri-query": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"sc-substatus": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"s-computername": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"cs-username": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"message": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"type": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"time-taken": {
"type""long",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"cs": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"sc-win32-status": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"@timestamp": {
"type""date"
},
"cs-host": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"cs-version": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"s-ip": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"kafka": {
"properties": {
"consumer_group": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"partition": {
"type""long"
},
"offset": {
"type""long"
},
"topic": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
}
}
},
"s-port": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"sc-status": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"@version": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"sc-bytes": {
"type""long",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"c-ip": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
},
"timestamp": {
"type""text",
"fields": {
"keyword": {
"ignore_above": 256,
"type""keyword"
}
}
}
}
}
}
}
PUT _template/f5-request

 

 Collapse source
PUT _template/f5-request
{
  "template" "f5-request-*",
  "settings" : {
    "index.refresh_interval" "5s"
  },
    "mappings": {
      "f5-request": {
       "dynamic_templates" : [ {
         "string_fields" : {
           "match" "*",
           "match_mapping_type" "string",
           "mapping" : {
             "type" "string""index" "not_analyzed""omit_norms" true
           }
         }
       } ],
        "properties": {
          "@timestamp": {
            "type""date"
          },
          "@version": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "agent": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "bytes": {
            "type""long"
          },
          "clientip": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "geoip": {
            "properties": {
             
              "city_name": {
                "type""text",
                 
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "continent_code": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "country_code2": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "country_code3": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "country_name": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "ip": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "latitude": {
                "type""float"
              },
              "location": {
                "type""geo_point",
                "ignore_malformed""true"
              },
              "longitude": {
                "type""float"
              },
              "region_code": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "region_name": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "timezone": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              }
            }
          },
          "httpmethod": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "httpuri": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "httpversion": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "kafka": {
            "properties": {
              "consumer_group": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              },
              "offset": {
                "type""long"
              },
              "partition": {
                "type""long"
              },
              "topic": {
                "type""text",
                "fields": {
                  "keyword": {
                    "type""keyword",
                    "ignore_above": 256
                  }
                }
              }
            }
          },
          "message": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "referer": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "response": {
            "type""long"
          },
          "response_ms": {
            "type""long"
          },
          "server": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "server_port": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "snat": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "tags": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "timestamp": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "type": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "user": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "virtual_ip": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "virtual_name": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "virtual_pool_name": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          },
          "virtual_port": {
            "type""text",
            "fields": {
              "keyword": {
                "type""keyword",
                "ignore_above": 256
              }
            }
          }
        }
      }
    }
  }
posted @ 2019-07-04 16:43  dream_fly_info  阅读(186)  评论(0编辑  收藏  举报