日志采集:
| 流程 | 要做的事情 |
|---|
| 日志规范 | 固定字段定义 日志格式 |
| 日志采集 | 落盘规则 滚动策略 采集方法 |
| 日志传输 | 消息队列 消费方式 Topic规范 保存时间 |
| 日志切分 | 采样 过滤 自定格式 |
| 日志检索 | 索引分割 分片设置 检索优化 权限设置 保存时间 |
| 日志流监控 | 采集异常 传输异常 检索异常 不合规范 监控报警 |
ElasticSearch 7的mapping参数配置
脑袋大,ES的几个版本之间一直在进行迭代,好多的参数发生了变化,请使用者注意
static_logging_template.json
| {
"template": "logging-*",
"order":1,
"settings": {
"index.number_of_replicas": "1",
"index.number_of_shards": "5",
"index.refresh_interval" : "10s"
},
"mappings": {
"dynamic": "strict",
"properties": {
"message": {
"type": "text"
},
"timestamp": {
"type": "keyword"
},
"project": {
"type": "keyword"
},
"path": {
"type": "keyword"
},
"topic": {
"type": "keyword"
},
"logLevel": {
"type": "keyword"
},
"host": {
"type": "keyword"
},
"loggerName": {
"type": "keyword"
},
"threadName": {
"type": "keyword"
},
"classMethod": {
"type": "keyword"
},
"environment": {
"type": "keyword"
},
"traceId": {
"type": "keyword"
},
"@timestamp": {
"format": "strict_date_optional_time||epoch_millis",
"type": "date"
}
}
}
}
|
dynamic_logging_template.json
| {
"template": "dynamic-logging-*",
"order": 1,
"settings": {
"number_of_shards": 5,
"number_of_replicas": 0
},
"mappings": {
"dynamic_templates": [
{
"integers": {
"match_mapping_type": "long",
"mapping": {
"type": "integer"
}
}
},
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "text",
"fields": {
"raw": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
]
}
}
|
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
