我是 Elasticsearch 的新手,正在尝试创建我的第一个索引,但在使用之前工作的时间戳字段时遇到了问题...
我创建了这样的索引:
PUT /kafkasdp
{
"mappings": {
"kafka_logs": {
"properties": {
"timestamp": {
"type": "date"
},
"log_level": {
"type": "string"
},
"message1": {
"type": "string"
},
"message2": {
"type": "string"
}
}
}
}
}
然后我试图发送这样的数据:
post /kafkasdp/kafka_logs
{
"timestamp": "2017-02-03 19:27:20,606",
"log_level": "INFO",
"message2": "Deleting segment 1 from log omega-replica-sync-dev-8. (kafka.log.Log)"
}
但不断收到此错误:
{
"error": {
"root_cause": [
{
"type": "mapper_parsing_exception",
"reason": "failed to parse [timestamp]"
}
],
"type": "mapper_parsing_exception",
"reason": "failed to parse [timestamp]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Invalid format: \"2017-02-03 19:27:20,606\" is malformed at \" 19:27:20,606\""
}
},
"status": 400
}
我以为我的时间戳是有效的日期类型?
阅读Elasticsearch 参考中的日期类型:您应该在文档中指定您期望的日期格式:
PUT your_index_name
{
"mappings": {
"your_index_type": {
"properties": {
"date": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss,SSS"
}
}
}
}
}
由于您没有指定它,Elasticsearch 将期望 ISO 格式的日期值:(
yyyyMMdd'T'HHmmss.SSS'Z'例如,2017-02-03T19:27:20.606Z)
| 归档时间: |
|
| 查看次数: |
7373 次 |
| 最近记录: |