有個需求是,如果再index records的同時加入index 的時間呢?
logstash會在欲index 的 event 加入 @timestamp 欄位,是由 logstash所加入的。
elasticsearch 的 mapping 內有個 _timestamp ,只要在 put mapping 時 啟用這個欄位,索引時就會自動把索引時間加入 records中。
用法如下,
{ "logs" : { "_timestamp" : { "enabled" : true } } }
_timestamp 欄位預設在 index setting中 "store" 是設為 false , "index" 屬性設為 not_analyzed 。
create index
PUT http://localhost:9200/indextest
- put mapping
PUT http://localhost:9200/indextest/logs/ { "logs" : { "_timestamp" : { "enabled" : true } } }
- post data to index
POST http://localhost:9200/indextest/logs { "name" : "elasticsearch" }
- search docs
GET http://localhost:9200/indextest/logs/_search?q=*&fields=_timestamp,_source { "took": 2, "timed_out": false, "_shards": { "total": 5, "successful": 5, "failed": 0 }, "hits": { "total": 1, "max_score": 1, "hits": [ { "_index": "indextest", "_type": "logs", "_id": "0AXft-9gTK-DUdfEvUZFiQ", "_score": 1, "_source": { "name": "elasticsearch" }, "fields": { "_timestamp": 1410870337057 } } ] } }
cf.
peicheng-note: elasticsearch 相關 elasticsearch文章
http://peichengnote.blogspot.tw/search/label/elasticsearch
_timestamp
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-timestamp-field.html
peicheng note: [elasticsearch]get all facet term in elasticsearch / 得到所有的aggregation term list
http://peichengnote.blogspot.tw/2014/09/elasticsearchget-all-facet-term-in.html
peicheng note: [elasticsearch]safely reload configuration from elasticsearch.yml
peicheng note: [elasticsearch] url query_string length limit
peicheng note: [elasticsearch] 關於 brain split / cluster split 成兩個 clusters
peicheng note: [elasticsearch] 再談 _all fieldhttp://peichengnote.blogspot.tw/2014/06/elasticsearch-all-field.html
peicheng note: [elasticsearch]range query depends on the field type
http://peichengnote.blogspot.tw/2014/06/elasticsearchrange-query-depends-on.htmlpeicheng-note: [elasticsearch] document id _id field uuid
http://peichengnote.blogspot.tw/2014/05/elasticsearch-document-id-id-field-uuid.html
peicheng-note: [elasticsearch/logstash] logstash id 自動產生 document id "_id" automatic id generation
http://peichengnote.blogspot.tw/2014/04/elasticsearchlogstash-logstash-id.html
peicheng note: [elasticsearch] index size , shard size , heap size design
http://peichengnote.blogspot.tw/2014/07/elasticsearch-index-size-shard-size.html
http://peichengnote.blogspot.tw/2014/07/elasticsearch-index-size-shard-size.html
peicheng note: [Elasticsearch] NumberFormatException / Invalid shift value in prefixCoded bytes
沒有留言:
張貼留言