Analyzing Nginx Logs with Grafana

Split the ES index by date:

Logstash configuration:

input{
  file{
    path => "/home/hottopic/logs/trend-shotting-api/metric/*"
    type => "trend-shotting-api-metric"
    start_position => "beginning"
    codec => json {
            charset => "UTF-8"
        }
  }
}

output{
  if [type] == "trend-shotting-api-metric" {
    elasticsearch {
    hosts=> ["172.17.213.60:9200"]
    index=> "trend-shotting-api-metrick.%{+YYYY-MM}"
    }
  }
}

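Grafana data source configuration: (note that the date format must be consistent, e.g. YYYY-MM or YYYY.MM)

Configuring Group by - Terms produced an error saying that fielddata=true must be set. The error message was roughly as follows: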

"Fielddata is disabled on text fields by default ... "

The fix is as follows:

https://www.elastic.co/guide/en/elasticsearch/reference/current/fielddata.html#_fielddata_is_disabled_on_literal_text_literal_fields_by_default

curl -X PUT "localhost:9200/nginx/_mapping/doc" -H 'Content-Type: application/json' -d'
{
  "properties": {
    "xforward": { 
      "type":     "text",
      "fielddata": true
    }
  }
}
'

After this the error was still reported, so:

curl -X PUT "localhost:9200/nginx/_mapping/doc?update_all_types" -H 'Content-Type: application/json' -d'         
{
  "properties": {
    "xforward": { 
      "type":     "text",
      "fielddata": true
    }
  }
}
'

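In the commands above, nginx is the index name and xforward is the field name.

After the change, checking the result shows that the mapping was modified successfully.

Return to Grafana and configure Group by - Terms again.

Once the change has succeeded, the graph renders normally.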
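An added example (not part of the original post): a Python check over the `GET nginx/_mapping` response that reports which field name to enter in Grafana's Group by - Terms. The sample mapping, the fields other than `xforward`, and the function names are constructed for illustration; preferring a `keyword` sub-field over `fielddata` follows the Elasticsearch documentation linked above.

```python
import json

# Constructed sample in the shape of `GET nginx/_mapping` on Elasticsearch 6.x,
# with the single mapping type "doc" used in the curl commands above.
SAMPLE_MAPPING = json.loads("""
{"nginx": {"mappings": {"doc": {"properties": {
  "xforward": {"type": "text", "fielddata": true},
  "request":  {"type": "text",
               "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
  "agent":    {"type": "text"},
  "status":   {"type": "long"}
}}}}}
""")


def terms_field(name, spec):
    """Return the field name to use in a Terms aggregation, or None if unusable."""
    ftype = spec.get("type")
    if ftype is None:
        return None  # object field: aggregate on its leaf fields instead
    if ftype != "text":
        return name  # keyword, numeric, date, ip: assumes doc_values left at default
    # Prefer a keyword sub-field: exact values, no heap-resident fielddata.
    for sub, subspec in spec.get("fields", {}).items():
        if subspec.get("type") == "keyword":
            return f"{name}.{sub}"
    if spec.get("fielddata") is True:
        return name  # works, but buckets are analyzed tokens held in heap
    return None  # this is the case that raises "Fielddata is disabled on text fields"


def audit(mapping, index, doc_type="doc"):
    """Map every top-level field of `index` to its Terms-aggregation field name."""
    mappings = mapping[index]["mappings"]
    # 6.x nests properties under the type name; 7.x+ responses have no type level.
    props = mappings.get(doc_type, mappings)["properties"]
    return {name: terms_field(name, spec) for name, spec in props.items()}


if __name__ == "__main__":
    for field, usable in audit(SAMPLE_MAPPING, "nginx").items():
        print(f"{field:10} -> {usable or 'not aggregatable: add keyword sub-field'}")
```

To run it against a live cluster, save the output of `curl localhost:9200/nginx/_mapping` and pass the parsed JSON to `audit` in place of the sample.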

Original article: https://www.cnblogs.com/wjoyxt/p/9231063.html