我尝试用一个对象数组建立一个ElasticSearch索引。我尝试了以下Map:
{
"mappings": {
"date_detection": false,
"properties": {
"resource": {
"type": "object",
"properties": {
"name": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"uid": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"id": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"source": {
"properties": {
"serviceType": {
"type": "text"
},
"serviceId": {
"type": "text"
},
"state": {
"type": "text"
},
"type": {
"type": "text"
},
"connectorName": {
"type": "text"
},
"displayName": {
"type": "text"
}
}
},
"_key": {
"type": "text"
}
}
},
// other, irrelevnt fields
}
}
}并将以下文档:
"resource": [
{
"source": {
"serviceType": "AWS",
"serviceId": "...",
"state": null,
"type": "Source",
"connectorName": "AWS",
"displayName": null
},
"name": "...",
"id": "...",
"_key": "...",
"uid": "..."
},
{
"source": {
"serviceType": "AWS",
"serviceId": "..",
"state": null,
"type": "Source",
"connectorName": "AWS",
"displayName": null
},
"name": "...",
"id": "...",
"_key": "...",
"uid": "..."
}但是,看起来资源字段的解析是正确的:
我试着在田野里玩耍,但没有成功。我错过了什么?
2条答案
按热度按时间cnh2zyt31#
您遗漏了索引Map中的
properties键。正确的索引Map应该是:zpgglvta2#
我发现了问题。首先,它是一个冲突字段,而不是未知字段-我必须确保索引模式只包含我正在使用的新索引。然后,我遇到了Kibana reports a field is conflicting, how can I resolve it?中描述的问题。最后,它一直是“未知”字段,直到我用新的索引模式创建了一个全新的索引名称,它才得以解决。