Create Logstash custom template
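Create a template file that specifies the mapping (type and indexing) of each field, which gives you full control
over the fields that you want in log events. The "template" value in the file is an index-name pattern, so these mappings apply only to indices whose names match myapp-template*; events written to any other index get default dynamic mappings instead. The custom "timestamp" format carries no time zone, so Elasticsearch reads those values as UTC; keep this in mind when correlating events across hosts.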
> vim /home/osadmin/ELK/logstash-2.3.2/myapp-template.json
{
"template": "myapp-template*",
"settings": {
"index.refresh_interval": "5s"
},
"mappings": {
"logs": {
"properties": {
"@timestamp": {
"type": "date",
"doc_values": true
},
"@version": {
"type": "string",
"index": "not_analyzed",
"doc_values": true
},
"eventSource":
{
"type": "string",
"index": "not_analyzed"
},
"host":
{
"type": "string",
"index": "not_analyzed"
},
"lineNumber": {
"type": "long"
},
"logLevel":
{
"type": "string",
"index": "not_analyzed"
},
"logType":
{
"type": "string",
"index": "not_analyzed"
},
"mco":
{
"type": "string",
"index": "not_analyzed"
},
"operation":
{
"type": "string"
},
"operationLevel":
{
"type": "string",
"index": "not_analyzed"
},
"path": {
"type": "string",
"index": "not_analyzed"
},
"result":
{
"type": "string"
},
"resultCode":
{
"type": "long"
},
"role":
{
"type": "string",
"index": "not_analyzed"
},
"service":
{
"type": "string",
"index": "not_analyzed"
},
"status":
{
"type": "string",
"index": "not_analyzed"
},
"timeConsumed":
{
"type": "long"
},
"timestamp":
{
"type": "date",
"format": "YYYY-MM-dd HH:mm:ss"
},
"userId":
{
"type": "string",
"index": "not_analyzed"
}
}
}
}
}