使用elk时,search时默认带有分词功能,搜索关键字并不精准,为方便search查询,将分词功能禁用:
curl -XPUT http://localhost:9200/_template/template_1 -d ‘{
"template" : "*",
"order":0,
"settings":{
"number_of_shards":5
},
"mappings":{
"fluentd":{
"properties":{
"request_dir":{"type":"string","index":"not_analyzed"},
"http_user_agent":{"type":"string","index":"not_analyzed"}
}
}
}
}‘
其中:not_analyzed参数是禁用分词。analyzed:启用分词
时间: 2024-11-02 18:08:22