TTL elastic search not working


Question

I need to put a TTL with each of the logs exported from logstash.

I have already created a folder 'mappings' under the config folder, under which I have a folder _default, under which I have the json file default.json, which has:

{
    "_default_" : {
        "_ttl" : { "enabled" : true, "default" : "10s" }
    }
}

I am exporting my logs to elastic server with logstash. The config file is:

input {
  stdin {
    type => "stdin-type"
  }
}
filter {
  grok {
    type => "stdin-type"
    pattern => "I am %{USERNAME:username}"
    add_tag => "{username}"
  }
}
output {
  stdout { debug => true debug_format => "json" }
  elasticsearch {
  }
}

I should expect that the logs get deleted from Elastic Search after 10 seconds, but that is not the case. The logs persist. Where am I going wrong? I am totally stuck.

Need help.

Recommended answer

Use templates:

{
    "template_1" : {
        "template" : "logstash-*",
        "settings" : {
            "number_of_shards" : 5,
            "number_of_replicas" : 1,
            "index.cache.field.type" : "soft",
            "index.refresh_interval" : "5s",
            "index.store.compress.stored" : true,
            "index" : {
                "store" : {
                    "compress" : { "stored" : true }
                }
            }
        },
        "mappings" : {
            "nginxlog" : {
                "_ttl" : { "enabled" : true, "default" : "1m" },
                "properties" : {
                    "@timestamp" : { "type" : "date", "format" : "dateOptionalTime" }
                }
            }
        }
    }
}

Set to 1 minute, automatically deleted a minute later.
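
An added example, not part of the original question or answer: a Python check of whether a set of index templates like the one above would give a new document a default `_ttl`. It assumes a simplified model of Elasticsearch 1.x template semantics (wildcard `template` pattern, `_default_` as the base mapping, type-specific mapping on top) and that Logstash writes each event's `type` as the document type; `effective_ttl` and the sample index name are hypothetical.

```python
import fnmatch

# Constructed copy of the answer's template, keeping only the parts that
# decide whether _ttl applies (settings and properties omitted).
TEMPLATE = {
    "template_1": {
        "template": "logstash-*",
        "mappings": {"nginxlog": {"_ttl": {"enabled": True, "default": "1m"}}},
    }
}

def effective_ttl(templates, index_name, doc_type):
    """Return the default TTL a new document would get, or None if none applies.

    Simplified model (assumption): matching templates are merged in ascending
    "order", then the type-specific _ttl overrides the _default_ one.
    """
    merged = {}
    ordered = sorted(templates.values(), key=lambda body: body.get("order", 0))
    for body in ordered:
        if not fnmatch.fnmatchcase(index_name, body.get("template", "")):
            continue  # this template's pattern does not cover the index
        mappings = body.get("mappings", {})
        for key in ("_default_", doc_type):
            cfg = mappings.get(key, {}).get("_ttl")
            if cfg is not None:
                merged.setdefault(key, {}).update(cfg)
    cfg = {**merged.get("_default_", {}), **merged.get(doc_type, {})}
    return cfg.get("default") if cfg.get("enabled") else None

if __name__ == "__main__":
    index = "logstash-2014.01.01"  # constructed daily index name
    for doc_type in ("nginxlog", "stdin-type"):
        print(doc_type, "->", effective_ttl(TEMPLATE, index, doc_type))
```

Under this model the template covers documents of type `nginxlog` only, so events of another type, such as the question's `stdin-type`, need their own or a `_default_` mapping entry. Expired documents are removed by a periodic purge (`indices.ttl.interval`, 60s by default), not at the exact expiry time, and `_ttl` was deprecated in Elasticsearch 2.0 and removed in 5.0.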
