Created
May 14, 2012 23:40
-
-
Save nstielau/2698094 to your computer and use it in GitHub Desktop.
Enable ElasticSearch TTL for Graylog2Messages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the mapping | |
| >> curl http://127.0.0.1:9200/graylog2/message/_mapping|python -mjson.tool | |
| { | |
| "message": { | |
| "properties": { | |
| "_hostname": { | |
| "type": "string" | |
| }, | |
| "created_at": { | |
| "type": "double" | |
| }, | |
| "facility": { | |
| "type": "string" | |
| }, | |
| "full_message": { | |
| "type": "string" | |
| }, | |
| "host": { | |
| "type": "string" | |
| }, | |
| "level": { | |
| "type": "long" | |
| }, | |
| "line": { | |
| "type": "long" | |
| }, | |
| "message": { | |
| "type": "string" | |
| }, | |
| "streams": { | |
| "type": "string" | |
| } | |
| } | |
| } | |
| } | |
| # Add the TTL period to the mapping schema, with optional default in days | |
| curl http://127.0.0.1:9200/graylog2/message/_mapping -XPUT -d ' | |
| > { | |
| > "message": { | |
| > "_ttl" : { "enabled" : true, "default" : "30d" }, | |
| > "properties": { | |
| > "_hostname": { | |
| > "type": "string" | |
| > }, | |
| > "created_at": { | |
| > "type": "double" | |
| > }, | |
| > "facility": { | |
| > "type": "string" | |
| > }, | |
| > "full_message": { | |
| > "type": "string" | |
| > }, | |
| > "host": { | |
| > "type": "string" | |
| > }, | |
| > "level": { | |
| > "type": "long" | |
| > }, | |
| > "line": { | |
| > "type": "long" | |
| > }, | |
| > "message": { | |
| > "type": "string" | |
| > }, | |
| > "streams": { | |
| > "type": "string" | |
| > } | |
| > } | |
| > } | |
| > }' | |
| {"ok":true,"acknowledged":true} | |
| # OK and acknowledged, let's take another look at the mapping: | |
| >> curl http://127.0.0.1:9200/graylog2/message/_mapping | |
| { | |
| "message": { | |
| "_ttl": { | |
| "default": 2592000000 | |
| }, | |
| "properties": { | |
| "_hostname": { | |
| "type": "string" | |
| }, | |
| "created_at": { | |
| "type": "double" | |
| }, | |
| "facility": { | |
| "type": "string" | |
| }, | |
| "full_message": { | |
| "type": "string" | |
| }, | |
| "host": { | |
| "type": "string" | |
| }, | |
| "level": { | |
| "type": "long" | |
| }, | |
| "line": { | |
| "type": "long" | |
| }, | |
| "message": { | |
| "type": "string" | |
| }, | |
| "streams": { | |
| "type": "string" | |
| } | |
| } | |
| } | |
| } | |
| # Looks good! |
I'm on 0.19.3. Not sure when this was introduced, but pretty sure it was after 0.18.7.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I can't get this work with ES 0.18.7 which is required by logstash.
What ES version are you using?