Nginx access日志ES索引模板
时间:2021-07-01 10:21:17
帮助过:5人阅读
"template":
"nginx-access-*",
"settings": {
"index": {
"refresh_interval":
"5s"
}
},
"mappings": {
"nginx-access": {
"properties": {
"@timestamp": {
"type":
"date",
"format":
"strict_date_optional_time||epoch_millis"
},
"@version": {
"type":
"string"
},
"agent": {
"type":
"string"
},
"auth": {
"type":
"string"
},
"bytes": {
"type":
"string"
},
"clientip": {
"type":
"string"
},
"domain": {
"type":
"string",
"norms": {
"enabled":
false
},
"fielddata": {
"format":
"disabled"
},
"fields": {
"raw": {
"type":
"string",
"index":
"not_analyzed",
"ignore_above":
256
}
}
},
"fullurl": {//产生.raw聚合,使fullurl.raw可以进行聚合查询。
"norms": {
"enabled":
false
},
"fielddata": {
"format":
"disabled"
},
"fields": {
"raw": {
"type":
"string",
"index":
"not_analyzed",
"ignore_above":
256
}
}
},
"host": {
"type":
"string"
},
"httpversion": {
"type":
"string"
},
"ident": {
"type":
"string"
},
"method": {
"type":
"string"
},
"nsCode": {
"type":
"string"
},
"path": {
"type":
"string"
},
"referrer": {
"type":
"string",
"norms": {
"enabled":
false
},
"fielddata": {
"format":
"disabled"
},
"fields": {
"raw": {
"type":
"string",
"index":
"not_analyzed",
"ignore_above":
256
}
}
},
"request": {
"type":
"string",
"norms": {
"enabled":
false
},
"fielddata": {
"format":
"disabled"
},
"fields": {
"raw": {
"type":
"string",
"index":
"not_analyzed",
"ignore_above":
256
}
}
},
"request_time": {
"type":
"string"
},
"response": {
"type":
"string"
},
"tags": {
"type":
"string"
},
"timestamp": {
"type":
"string"
},
"type": {
"type":
"string"
},
"varniship": {
"type":
"string"
}
}
}
}
}
Nginx access日志ES索引模板
标签:app tags byte bsp request rms gen fielddata var
