elasticsearch - Elasticsearch + Kibana，对uri进行排序不会产生任何结果。 (未分析uri)

Question

我有HTTP请求的日志，其中一个字段是URI字段。我想获取每个URI的平均持续时间(以毫秒为单位)。我将Kibana中的y轴设置为"Aggregation: Average , Field: durationInMs"。

对于x轴，我有

"Aggregation: terms, Field uri, Order by: metric average durationInMs, Order: descending: 5"

要澄清的图像:



这给了我一个结果，但是它没有使用整个 URIt_strong。相反，它拆分URI并匹配它的一部分。经过快速的Google搜索后，我发现“ Multi-fields”，并在索引上添加了URI.raw字段。经过分析的现场警告消失了，但我完全没有 ，没有的结果。

有任何提示或提示吗？

lsc-logs2映射:

{
  "lsc-logs2": {
    "mappings": {
      "httplogentry": {
        "properties": {
          "context": {
            "type": "string"
          },
          "durationInMs": {
            "type": "double"
          },
          "id": {
            "type": "long"
          },
          "method": {
            "type": "string"
          },
          "source": {
            "type": "string"
          },
          "startTime": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "status": {
            "type": "long"
          },
          "uri": {
            "type": "string",
            "fields": {
              "raw": {
                "type": "string",
                "index": "not_analyzed"
              }
            }
          },
          "username": {
            "type": "string"
          },
          "version": {
            "type": "long"
          }
        }
      }
    }
  }
}

示例文件:

{
    "_index": "lsc-logs2",
    "_type": "httplogentry",
    "_id": "1148440",
    "_score": 1,
    "_source": {
        "startTime": "2016-08-22T10:30:57.2298086+02:00",
        "context": "contexturi",
        "method": "GET",
        "uri": "http://uri/plannings/unassigned?date=2016-08-22T03:58:57.168Z&page=1&pageSize=9999",
        "username": "user",
        "source": "192.168.1.82",
        "durationInMs": 171.83710000000002,
        "status": 200,
        "id": 1148440,
        "version": 1
    }
}

Answer 1

重新索引数据时，httplogentry映射不会从lsc-logs移植到lsc-logs2，您需要先创建目标索引+映射，然后才创建索引。

首先删除当前目标索引

curl -XDELETE localhost:9200/lsc-logs2

然后通过指定适当的映射来重新创建它

curl -XPUT localhost:9200/lsc-logs2 -d '{
    "mappings": {
      "httplogentry": {
        "properties": {
          "context": {
            "type": "string"
          },
          "durationInMs": {
            "type": "double"
          },
          "id": {
            "type": "long"
          },
          "method": {
            "type": "string"
          },
          "source": {
            "type": "string"
          },
          "startTime": {
            "type": "date",
            "format": "strict_date_optional_time||epoch_millis"
          },
          "status": {
            "type": "long"
          },
          "uri": {
            "type": "string",
            "fields": {
              "raw": {
                "type": "string",
                "index": "not_analyzed"
              }
            }
          },
          "username": {
            "type": "string"
          },
          "version": {
            "type": "long"
          }
        }
      }
    }
}'

然后，您可以重新索引数据:

curl -XPOST localhost:9200/_reindex -d '{
  "source": {
    "index": "lsc-logs"
  },
  "dest": {
    "index": "lsc-logs2"
  }
}'

然后在Kibana中的索引模式中刷新您的字段，它应该可以工作。