默认情况下,logstash是没有配置中文分词的,
那要如何解决呢?
解放方法: 自定义模板配置中文分词
自定义模板中增加分词器
1、创建自定义模板
完整的模板内容 logstash-ik.json
{
"order": 0,
"version": 1,
"index_patterns": ["*"],
"settings": {
"index": {
"number_of_shards": "1",
"refresh_interval": "5s"
}
},
"mappings": {
"dynamic_templates": [
{
"message_field": {
"path_match": "message",
"mapping": {
"norms": false,
"type": "text"
},
"match_mapping_type": "string"
}
},
{
"string_fields": {
"mapping": {
"norms": false,
"type": "text",
"analyzer": "ik_max_word",
"fields": {
"keyword": {
"ignore_above": 256,
"type": "keyword"
}
}
},
"match_mapping_type": "string",
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"geoip": {
"dynamic": true,
"properties": {
"ip": {
"type": "ip"
},
"latitude": {
"type": "half_float"
},
"location": {
"type": "geo_point"
},
"longitude": {
"type": "half_float"
}
}
},
"@version": {
"type": "keyword"
}
}
},
"aliases": {}
}
将这个文件拷贝到 /usr/local/logstash-7.4.2/sync 目录下
2、创建索引item_ik
3、修改logstash-db-sync.conf 的索引名称为 item_ik
启动logstash
