Aggregating a list of http log paths in kibana

Views: 686

Problem description

I have a nginx->fluentd->elasticsearch->kibana stack up and running. Trying to figure out if I can do something like a "terms" panel but with a path string component from logs. Using a terms panel directly on that results in the top used words from paths, e.g. for drupal it shows "node" as the most popular, which is quite useless without the actual node id.

Is that something that is possible to do with elasticsearch?

Update: Here's a sample of my logs:

"path": "/node/123"
"path": "/node/456"
"path": "/user/create"

If I add a "terms" panel for the "path" field, I get columns for "node", "user", "create", which make no statistical sense. What I need is a terms panel that aggregates on unique field values, not unique word parts of the field.

Recommended answer

You need to configure Elasticsearch's mapping to set your "path" field as a "not_analyzed" one. The default setting is "analyzed", and by default ES parses string fields and divides them into multiple tokens when possible, which is probably what happened in your case. See this related question.

As for how to configure Elasticsearch's mapping, I am also still digging, having a similar problem myself with multi-token strings I want to be able to sort on. It seems like there would be a put mapping API or the possibility of using config files, see here.
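As an added example (not part of the original answer), the script below shows why the analyzed "path" field produces "node"/"user"/"create" columns and what a `not_analyzed` mapping for the put mapping API looks like. The index and type names (`fluentd`) are assumptions, and the tokenizer is a deliberate simplification of Elasticsearch's standard analyzer, just enough to reproduce the effect on the question's sample paths.

```python
import re
from collections import Counter

# Constructed sample log records, shaped like the ones in the question.
SAMPLE_LOGS = [
    {"path": "/node/123"},
    {"path": "/node/456"},
    {"path": "/user/create"},
    {"path": "/node/123"},
]

# Mapping body for the put mapping API (Elasticsearch 1.x syntax, the era of
# "not_analyzed" and the Kibana terms panel). The type name "fluentd" is an
# assumption; replace it with the type your fluentd output actually writes.
# On Elasticsearch 5+ the equivalent field definition is {"type": "keyword"}.
NOT_ANALYZED_PATH_MAPPING = {
    "fluentd": {
        "properties": {
            "path": {"type": "string", "index": "not_analyzed"}
        }
    }
}


def analyzed_tokens(value):
    """Approximate the standard analyzer on a string field: split on
    non-word characters and lowercase. A simplification, but it matches
    what happens to URL paths such as /node/123."""
    return [tok.lower() for tok in re.split(r"[^\w]+", value) if tok]


def terms_counts(records, field, not_analyzed):
    """Emulate a terms facet on `field`. With an analyzed field every token
    is counted as its own term; with not_analyzed the whole value is one term."""
    counts = Counter()
    for rec in records:
        value = rec[field]
        counts.update([value] if not_analyzed else analyzed_tokens(value))
    return dict(counts)


if __name__ == "__main__":
    # analyzed: "node" dominates, the ids are detached from their paths
    print("analyzed:    ", terms_counts(SAMPLE_LOGS, "path", not_analyzed=False))
    # not_analyzed: one term per distinct path, which is what the panel needs
    print("not_analyzed:", terms_counts(SAMPLE_LOGS, "path", not_analyzed=True))
```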

