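아래 코드를 Kibana Console에서 실행
주의: action.destructive_requires_name을 false로 두면 인덱스 삭제 같은 파괴적 요청에 와일드카드(*)나 _all을 쓸 수 있게 되어, 실수로 여러 인덱스를 한꺼번에 지울 수 있다. 필요한 작업이 끝나면 true로 되돌린다.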
PUT /_cluster/settings
{
"transient": {
"action.destructive_requires_name":false
}
}
POST _reindex
{
"source":{
"index":"apachelog-2022.05.08"
},
"dest":{
"index": "mylog"
}
}
### painless script
스크립트로 원본 인덱스 이름의 날짜 부분을 대상 인덱스 이름에 붙이기 (예: apachelog-2022.05.08 → mylog-2022.05.08)
pipeline으로 삭제할 필드 지정
POST _reindex
{
"source":{
"index":"apachelog-2022.05.08"
},
"dest":{
"index": "mylog",
"pipeline":"mylog_delete_fields"
},
"script":{
"lang":"painless",
"source":"ctx._index = 'mylog-' +(ctx._index.substring('apachelog-'.length(), ctx._index.length()))"
}
}
아래 파이프라인을 먼저 생성한 뒤 _reindex의 dest.pipeline에 지정함 (파이프라인이 없는 상태에서 참조하면 _reindex 요청이 실패함)
PUT _ingest/pipeline/mylog_delete_fields
{
"processors": [
{
"remove": {
"field": ["clientip","ecs","input","tags"]
}
}
]
}
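### mapping
_reindex를 실행하기 전에 대상 인덱스의 매핑을 먼저 생성해 둔다. 위 스크립트처럼 ctx._index를 바꾸는 경우 문서는 mylog가 아니라 mylog-2022.05.08 같은 인덱스에 들어가므로, 이 매핑은 해당 인덱스(또는 인덱스 템플릿)에 적용해야 한다.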
PUT mylog
{
"mappings": {
"properties" : {
"@timestamp" : {
"type" : "date"
},
"auth" : {
"type" : "keyword"
},
"bytes" : {
"type" : "long"
},
"container" : {
"properties" : {
"id" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"geoip" : {
"properties" : {
"geo" : {
"properties" : {
"city_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"continent_code" : {
"type" : "keyword"
},
"country_iso_code" : {
"type" : "keyword"
},
"country_name" : {
"type" : "keyword"
},
"location" : {
"type":"geo_point"
},
"postal_code" : {
"type" : "keyword"
},
"region_iso_code" : {
"type" : "keyword"
},
"region_name" : {
"type" : "keyword"
},
"timezone" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"ip" : {
"type" : "ip"
},
"mmdb" : {
"properties" : {
"dma_code" : {
"type" : "long"
}
}
}
}
},
"httpversion" : {
"type" : "keyword"
},
"ident" : {
"type" : "keyword"
},
"message" : {
"type" : "text"
},
"request" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"response" : {
"type" : "keyword"
},
"verb" : {
"type" : "keyword"
}
}
}
}