我使用logstash + elasticsearch来收集syslog,并希望将ttl设置为日志老化
我在logstash中找到一个名为elasticsearch-template.json的文件,路径为logstash/logstash-1.4.2/lib/logstash/outputs/elasticsearch/elasticsearch-template.json
我在文件中添加ttl信息,如下所示:
{
"template" : "logstash-*",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"_default_" : {
"_all" : {"enabled" : true},
"dynamic_templates" : [ {
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"type" : "string", "index" : "analyzed", "omit_norms" : true,
"fields" : {
"raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
}
}
}
} ],
"_ttl": {
"enabled": true,
"default": "1d"
},
"properties" : { …