-
-
Save hidepin/82f6d2c67faa5b47b61c to your computer and use it in GitHub Desktop.
multi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "template" : "apache_log*", | |
| "settings" : { | |
| "index" : { | |
| "analysis" : { | |
| "filter" : { | |
| "method_filter" : { | |
| "type" : "pattern_replace", | |
| "pattern" : " .*", | |
| "replacement" : "" | |
| }, | |
| "url_filter" : { | |
| "type" : "pattern_replace", | |
| "pattern" : "^[A-Z]+|\\?.*", | |
| "replacement" : "" | |
| }, | |
| "api_filter" : { | |
| "type" : "pattern_replace", | |
| "pattern" : "\\ HTTP.*|\\?.*", | |
| "replacement" : "" | |
| }, | |
| "hash_filter" : { | |
| "type" : "pattern_replace", | |
| "pattern" : "[a-zA-Z0-9]{32}", | |
| "replacement" : "(hash)" | |
| } | |
| }, | |
| "analyzer" : { | |
| "method" : { | |
| "type" : "custom", | |
| "tokenizer" : "keyword", | |
| "filter" : [ "method_filter" ] | |
| }, | |
| "url" : { | |
| "type" : "custom", | |
| "tokenizer" : "keyword", | |
| "filter" : [ "url_filter" ] | |
| }, | |
| "api" : { | |
| "type" : "custom", | |
| "tokenizer" : "keyword", | |
| "filter" : [ "api_filter" ] | |
| }, | |
| "hash_api" : { | |
| "type" : "custom", | |
| "tokenizer" : "keyword", | |
| "filter" : [ "api_filter", "hash_filter" ] | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "mappings" : { | |
| "www1" : { | |
| "properties" : { | |
| "remote-host" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| }, | |
| "request-header-Referer" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| }, | |
| "request-header-User-Agent" : { | |
| "type" : "multi_field", | |
| "fields" : { | |
| "request-header-User-Agent" : { | |
| "type" : "string", | |
| "index" : "analyzed" | |
| }, | |
| "full" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| } | |
| } | |
| }, | |
| "request-line" : { | |
| "type" : "multi_field", | |
| "fields" : { | |
| "request-line" : { | |
| "type" : "string", | |
| "index" : "analyzed" | |
| }, | |
| "method" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "method" | |
| }, | |
| "url" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "url" | |
| }, | |
| "api" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "api" | |
| }, | |
| "hash_api" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "hash_api" | |
| }, | |
| "full" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| } | |
| } | |
| }, | |
| "request-process-time-us" : { | |
| "type" : "long" | |
| }, | |
| "request-time" : { | |
| "type" : "date", | |
| "format" : "dateOptionalTime" | |
| }, | |
| "response-status" : { | |
| "type" : "long" | |
| }, | |
| "response-total-bytes" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "www2" : { | |
| "properties" : { | |
| "remote-host" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| }, | |
| "request-header-Referer" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| }, | |
| "request-header-User-Agent" : { | |
| "type" : "multi_field", | |
| "fields" : { | |
| "request-header-User-Agent" : { | |
| "type" : "string", | |
| "index" : "analyzed" | |
| }, | |
| "full" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| } | |
| } | |
| }, | |
| "request-line" : { | |
| "type" : "multi_field", | |
| "fields" : { | |
| "request-line" : { | |
| "type" : "string", | |
| "index" : "analyzed" | |
| }, | |
| "method" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "method" | |
| }, | |
| "url" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "url" | |
| }, | |
| "api" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "api" | |
| }, | |
| "hash_api" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "hash_api" | |
| }, | |
| "full" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| } | |
| } | |
| }, | |
| "request-process-time-us" : { | |
| "type" : "long" | |
| }, | |
| "request-time" : { | |
| "type" : "date", | |
| "format" : "dateOptionalTime" | |
| }, | |
| "response-status" : { | |
| "type" : "long" | |
| }, | |
| "response-total-bytes" : { | |
| "type" : "long" | |
| } | |
| } | |
| }, | |
| "www3" : { | |
| "properties" : { | |
| "remote-host" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| }, | |
| "request-header-Referer" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| }, | |
| "request-header-User-Agent" : { | |
| "type" : "multi_field", | |
| "fields" : { | |
| "request-header-User-Agent" : { | |
| "type" : "string", | |
| "index" : "analyzed" | |
| }, | |
| "full" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| } | |
| } | |
| }, | |
| "request-line" : { | |
| "type" : "multi_field", | |
| "fields" : { | |
| "request-line" : { | |
| "type" : "string", | |
| "index" : "analyzed" | |
| }, | |
| "method" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "method" | |
| }, | |
| "url" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "url" | |
| }, | |
| "api" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "api" | |
| }, | |
| "hash_api" : { | |
| "type" : "string", | |
| "index" : "analyzed", | |
| "analyzer" : "hash_api" | |
| }, | |
| "full" : { | |
| "type" : "string", | |
| "index" : "not_analyzed" | |
| } | |
| } | |
| }, | |
| "request-process-time-us" : { | |
| "type" : "long" | |
| }, | |
| "request-time" : { | |
| "type" : "date", | |
| "format" : "dateOptionalTime" | |
| }, | |
| "response-status" : { | |
| "type" : "long" | |
| }, | |
| "response-total-bytes" : { | |
| "type" : "long" | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment