本文介绍了如果ES中存在索引的索引,是否有基于API的方法在Kibana中创建索引模式的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在ES中有一个索引.我需要使用API调用在.kibana中创建相同的索引模式.在此创建中,我什至要设置将成为时间戳列的列.帮助将不胜感激.
I have an index in ES.I need to create an index-pattern of the same in .kibana using an API call.In this creation, I even want to set the column which is going to be the timestamp column.Any help would be appreciated.
推荐答案
您可以做到,但是您需要自己构造整个结构.索引模式定义如下所示:
You can do it, but you'll need to construct the whole structure by yourself. An index pattern definition looks like this:
PUT .kibana/doc/index-pattern:<some-uuid>
{
"type": "index-pattern",
"updated_at": "2018-01-27T07:12:05.373Z",
"index-pattern": {
"title": "test*",
"timeFieldName": "@timestamp",
"fields": """ ... """,
}
}
-
title是您的索引模式的名称,如果您通过UI创建索引模式,则输入的名称将与您输入的名称相同. -
timeFieldName是时间戳字段的名称 -
fields是一个字符串,其中包含索引模式中所有字段定义的JSON数组(请参见下文) titleis the name of your index pattern, the same one you'd input if you create the index pattern through the UItimeFieldNameis the name of the timestamp fieldfieldsis a string containing a JSON array of all the field definitions in your index pattern (see below)
字段定义如下:
[
{
"name": "@timestamp",
"type": "date",
"count": 0,
"scripted": false,
"searchable": true,
"aggregatable": true,
"readFromDocValues": true
},
{
"name": "_id",
"type": "string",
"count": 0,
"scripted": false,
"searchable": true,
"aggregatable": true,
"readFromDocValues": false
},
{
"name": "_index",
"type": "string",
"count": 0,
"scripted": false,
"searchable": true,
"aggregatable": true,
"readFromDocValues": false
},
{
"name": "_score",
"type": "number",
"count": 0,
"scripted": false,
"searchable": false,
"aggregatable": false,
"readFromDocValues": false
},
{
"name": "_source",
"type": "_source",
"count": 0,
"scripted": false,
"searchable": false,
"aggregatable": false,
"readFromDocValues": false
},
{
"name": "_type",
"type": "string",
"count": 0,
"scripted": false,
"searchable": true,
"aggregatable": true,
"readFromDocValues": false
},
{
"name": "referer",
"type": "string",
"count": 0,
"scripted": false,
"searchable": true,
"aggregatable": false,
"readFromDocValues": false
},
...
]
因此,您需要为每个字段创建此数组,然后对其进行字符串化并将字符串放入fields字段中.
So you need to create this array for each of your fields, then stringify it and put the string inside the fields field.
这是代表索引模式的样本文档:
Here is a sample document representing an index pattern:
{
"type": "index-pattern",
"updated_at": "2018-01-27T07:12:05.373Z",
"index-pattern": {
"title": "test*",
"timeFieldName": "@timestamp",
"fields": """[{"name":"@timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_index","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_score","type":"number","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_source","type":"_source","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"referer","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"referer.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"status","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}]"""
}
}
这篇关于如果ES中存在索引的索引,是否有基于API的方法在Kibana中创建索引模式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!