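This worked under version 6.8 of ES, but now that I have upgraded to 7.10, the reindex operation seems to completely ignore the template associated with the dest index.
The log shows the template being applied when the index is created: [authentication_2019.09.02] creating index, cause [auto(bulk api)], templates [authentication_template]
Here is the mapping: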
elasticsearch@secesprd02:~$ cat json/indexes/authentication-index-tmpl.json
{
  "index_patterns": ["authentication*", "auth_*"],
  "settings": {
    "number_of_shards": 2
  },
  "mappings": {
    "dynamic": false,
    "properties": {
      "ISODATE": {
        "type": "date"
      },
      "MESSAGE": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 25
          }
        }
      },
      "assoc_ip": {
        "type": "ip"
      },
      "city": {
        "type": "keyword",
        "ignore_above": 25
      },
      "country": {
        "type": "keyword",
        "ignore_above": 5
      },
      "data": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 25
          }
        }
      },
      "event_class": {
        "type": "keyword",
        "ignore_above": 25
      },
      "event_source": {
        "type": "keyword",
        "ignore_above": 256
      },
      "event_type": {
        "type": "keyword",
        "ignore_above": 20
      },
      "group": {
        "type": "keyword",
        "ignore_above": 20
      },
      "level": {
        "type": "integer"
      },
      "location": {
        "type": "geo_point"
      },
      "service": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 25
          }
        }
      },
      "session_id": {
        "type": "keyword",
        "ignore_above": 50
      },
      "src_city": {
        "type": "keyword",
        "ignore_above": 50
      },
      "src_country": {
        "type": "keyword",
        "ignore_above": 10
      },
      "src_ip": {
        "type": "ip"
      },
      "status": {
        "type": "keyword",
        "ignore_above": 10
      },
      "user": {
        "type": "keyword",
        "ignore_above": 50
      }
    }
  }
}
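In particular, this shows "dynamic" set to false, but searching the index shows that everything has been copied, not just the fields in the template.
Here is what appears in the dest index (it is the same as what is in the source) [this is data from when I first started on this work, and I want to tidy it up].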
"_source": {
  "user": "xxx691",
  "status": "success",
  "srcip": "130.216.yy.yyy",
  "service": "WEBSSO",
  "event_type": "authentication",
  "event_source": "ec-kerberos",
  "SOURCE": "s_loghost",
  "PROGRAM": "krb5kdc",
  "PRIORITY": "info",
  "PID": "1937",
  "MESSAGE": "AS_REQ (4 etypes {18 17 16 23}) 130.216.yy.yy: ISSUE: authtime 1567391809, etypes {rep=16 tkt=16 ses=16}, xxxx691@WEBSSO.AUCKLAND.AC.NZ for krbtgt/WEBSSO.AUCKLAND.AC.NZ@WEBSSO.AUCKLAND.AC.NZ",
  "LEGACY_MSGHDR": "krb5kdc[1937]: ",
  "ISODATE": "2019-09-02T14:36:49+12:00",
  "HOST_FROM": "10.5.144.1",
  "HOST": "10.5.144.19",
  "FACILITY": "auth",
  "DATE": "Sep 2 14:36:49"
}
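Update: I have now tried creating the dest index independently of the reindex operation, but it makes no difference.
I tried adding a script to the reindex to explicitly delete/rename fields, but the script seems to be ignored. I know it gets compiled because it picks up syntax errors ;)
Any clues as to what might be happening?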
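
An added example, not part of the original post: in Elasticsearch, "dynamic": false stops unmapped fields from being indexed or added to the mapping but leaves them in _source, and reindex copies _source. The Python sketch below models that for a trimmed copy of the post's mapping and document (MESSAGE shortened; classify, source_only and KW25 are hypothetical names), and it also shows that the document's "srcip" does not match the template's "src_ip".

```python
# Added example: models Elasticsearch mapping behaviour for "dynamic": false only.
# MAPPING and DOC are trimmed copies of the post's template and document.
KW25 = {"keyword": {"type": "keyword", "ignore_above": 25}}
MAPPING = {
    "dynamic": False,
    "properties": {
        "ISODATE": {"type": "date"},
        "MESSAGE": {"type": "text", "fields": KW25},
        "service": {"type": "text", "fields": KW25},
        "event_type": {"type": "keyword", "ignore_above": 20},
        "src_ip": {"type": "ip"},
        "status": {"type": "keyword", "ignore_above": 10},
        "user": {"type": "keyword", "ignore_above": 50},
    },
}
DOC = {
    "user": "xxx691", "status": "success", "srcip": "130.216.yy.yyy",
    "service": "WEBSSO", "event_type": "authentication",
    "PROGRAM": "krb5kdc", "PID": "1937", "HOST": "10.5.144.19",
    "MESSAGE": "AS_REQ (4 etypes {18 17 16 23}) 130.216.yy.yy: ISSUE: authtime",
    "ISODATE": "2019-09-02T14:36:49+12:00",
}

def _state(spec, value):
    # keyword values longer than ignore_above are not indexed (still in _source)
    limit = spec.get("ignore_above")
    too_long = limit is not None and len(str(value)) > limit
    return "skipped" if spec["type"] == "keyword" and too_long else "indexed"

def classify(mapping, doc):
    """Map each field (and multi-field) to indexed / skipped / source_only."""
    if mapping.get("dynamic") is not False:
        raise ValueError("only dynamic=false is modelled here")
    report = {}
    for name, value in doc.items():
        spec = mapping["properties"].get(name)
        if spec is None:
            report[name] = "source_only"  # unmapped: kept in _source, not searchable
            continue
        report[name] = _state(spec, value)
        for sub, subspec in spec.get("fields", {}).items():
            report[f"{name}.{sub}"] = _state(subspec, value)
    return report

def source_only(report):
    return sorted(f for f, s in report.items() if s == "source_only")

if __name__ == "__main__":
    print(classify(MAPPING, DOC))
```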