elasticsearch [2018/01/18 17:06] k2patel [Quick Commands] |
elasticsearch [2018/01/18 22:20] k2patel [Templates] |
||
---|---|---|---|
Line 23: | Line 23: | ||
==== Templates ==== | ==== Templates ==== | ||
+ | === Filebeat Template apache2 module === | ||
+ | <code json> | ||
+ | { | ||
+ | "template": "filebeat-*", | ||
+ | "version": 50001, | ||
+ | "settings": { | ||
+ | "index.refresh_interval": "5s", | ||
+ | "number_of_replicas": 0 | ||
+ | }, | ||
+ | "mappings": { | ||
+ | "_default_": { | ||
+ | "dynamic_templates": [ | ||
+ | { | ||
+ | "message_field": { | ||
+ | "path_match": "message", | ||
+ | "match_mapping_type": "string", | ||
+ | "mapping": { | ||
+ | "type": "text", | ||
+ | "norms": false | ||
+ | } | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "string_fields": { | ||
+ | "match": "*", | ||
+ | "match_mapping_type": "string", | ||
+ | "mapping": { | ||
+ | "type": "text", | ||
+ | "norms": false, | ||
+ | "fields": { | ||
+ | "keyword": { | ||
+ | "type": "keyword", | ||
+ | "ignore_above": 256 | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | ], | ||
+ | "properties": { | ||
+ | "@timestamp": { | ||
+ | "type": "date" | ||
+ | }, | ||
+ | "@version": { | ||
+ | "type": "keyword" | ||
+ | }, | ||
+ | "geoip": { | ||
+ | "dynamic": true, | ||
+ | "properties": { | ||
+ | "ip": { | ||
+ | "type": "ip" | ||
+ | }, | ||
+ | "location": { | ||
+ | "type": "geo_point" | ||
+ | }, | ||
+ | "latitude": { | ||
+ | "type": "half_float" | ||
+ | }, | ||
+ | "longitude": { | ||
+ | "type": "half_float" | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </code> | ||
==== Errors ==== | ==== Errors ==== | ||
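Review bot: `"number_of_replicas": 0` in the settings block leaves every `filebeat-*` index with a single copy, so losing one data node loses the web-server logs stored on it, which are often the only record available for an incident investigation. Unless this template is meant for a single-node setup, use `"number_of_replicas": 1`, or state the single-node assumption under the heading. Separately, nothing in the mappings is specific to the apache2 module named in the heading. The `geoip` object is mapped at the top level, so if the module writes its GeoIP data under its own field prefix (not visible here, so this should be checked), the `ip` and `geo_point` types will not apply to it.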