1.我是手动创建的索引,索引映射关系如下:
{
"settings":{
"analysis" : {
"analyzer" : {
"ik" : {
"tokenizer" : "ik_max_word"
}
}
}
},
"mappings":{
"test":{
"dynamic" : true,
"properties":{
"id":{
"type":"text",
"index":"not_analyzed"
},
"catid":{
"type":"text",
"index":"not_analyzed"
},
"classify":{
"type":"integer"
},
"title":{
"type":"text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_max_word"
},
"author":{
"type":"text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_max_word"
},
"published":{
"type":"date",
"format":"yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
},
"article":{
"type":"text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_max_word"
}
}
}
}
}
input {
stdin {
}
jdbc {
# mysql 数据库链接,shop为数据库名
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/esshop"
# 用户名和密码
jdbc_user => "root"
jdbc_password => "***"
# 驱动
jdbc_driver_library => "D:/elasticsearch/logstash-5.5.2/mysqletc/mysql-connector-java-5.0.8.jar"
# 驱动类名
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
# 执行的sql 文件路径+名称
statement_filepath => "D:/elasticsearch/logstash-5.5.2/mysqletc/shop.sql"
# 设置监听间隔 各字段含义(由左至右)分、时、天、月、年,全部为*默认含义为每分钟都更新
schedule => "* * * * *"
# 索引类型
type => "test"
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => "localhost:9200"
index => "contse"
document_id => "%{id}"
}
stdout {
codec => json_lines
}
}
SELECT
*
FROM
content
2 个回复
codeKing007
赞同来自: laoyang360 、linxiuyuan 、wangdali
1.创建mapping设置的时间格式有问题
解决方法:
1.forma:yyyy-MM-dd HH:mm:ss即可
PS:我只是关注了logstash的日志,无意间发现了elasticsearch的日志在报错,菜鸟一枚,学习中
laoyang360 - 《一本书讲透Elasticsearch》作者,Elastic认证工程师 [死磕Elasitcsearch]知识星球地址:http://t.cn/RmwM3N9;微信公众号:铭毅天下; 博客:https://elastic.blog.csdn.net
赞同来自: codeKing007 、BKing