那些遇到过的问题

小编tri*_*leb的帖子

Elasticsearch 字段限制超过 1000

有人可以帮忙吗?我需要修复该错误,以便 S3 中的 CloudTrail 日志可以发送到 Logstash ES 并在 Kibana 中查看。无法弄清楚如何将字段限制提高到更高。我的配置看起来像

input {
   s3 {
     bucket => "sample-s3bucket"
     region => "eu-west-1"
     type => "cloudtrail"
     codec => cloudtrail {}
     sincedb_path => "/tmp/logstash/cloudtrail"
     exclude_pattern => "/CloudTrail-Digest/"
     interval => 300
   }
}

filter {
    if [type] == "cloudtrail" {
        json {
            source => "message"
        }

        geoip {
            source => "sourceIPAddress"
            target => "geoip"
            add_tag => ["cloudtrail-geoip"]
        }
    }
}

output {
    elasticsearch {
      hosts => "coordinate_node:9200"
      index => 'cloudtrail-%{+YYYY.MM.dd}'
         }
    stdout {
     codec => …
Run Code Online (Sandbox Code Playgroud)

geoip elasticsearch logstash amazon-cloudtrail kibana-6

tri*_*leb
2018 10-05
2
推荐指数
1
解决办法
1万
查看次数

标签 统计

amazon-cloudtrail ×1

elasticsearch ×1

geoip ×1

kibana-6 ×1

logstash ×1