output中配置
elasticsearch{ action => "index" hosts => ["xxx"] index => "http-log-logstash" document_type => "logs" template => "opt/http-logstash.json" template_name => "http-log-logstash" template_overwrite => true }
自定义模板示例
{ "template" : "qmpsearchlog", "order":1, "settings" : { "index.refresh_interval" : "60s" }, "mappings" : { "_default_" : { "_all" : { "enabled" : false }, "dynamic_templates" : [{ "message_field" : { "match" : "message", "match_mapping_type" : "string", "mapping" : { "type" : "string", "index" : "not_analyzed" } } }, { "string_fields" : { "match" : "*", "match_mapping_type" : "string", "mapping" : { "type" : "string", "index" : "not_analyzed" } } }], "properties" : { "@timestamp" : { "type" : "date"}, "@version" : { "type" : "integer", "index" : "not_analyzed" }, "path" : { "type" : "string", "index" : "not_analyzed" }, "host" : { "type" : "string", "index" : "not_analyzed" }, "record_time":{"type":"date","format": "yyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"}, "method":{"type":"string","index" : "not_analyzed"}, "unionid":{"type":"string","index" : "not_analyzed"}, "user_name":{"type":"string","index" : "not_analyzed"}, "query":{"type":"string","index" : "not_analyzed"}, "ip":{ "type" : "ip"}, "webbrower":{"type":"string","index" : "not_analyzed"}, "os":{"type":"string","index" : "not_analyzed"}, "device":{"type":"string","index" : "not_analyzed"}, "ptype":{"type":"string","index" : "not_analyzed"}, "serarch_time":{"type":"date","format": "yyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"}, "have_ok":{"type":"string","index" : "not_analyzed"}, "legal":{"type":"string","index" : "not_analyzed"} } } } }