TechQA.

Mapping ElasticSearch apache module field

140 views Asked by At

I am new to ES and I am facing a little problem I am struggling with.

I integrated metricbeat apache module with ES and the it works fine.

The problem is that metricbeat apache module reports the KB of web traffic of apache (field apache.status.total_kbytes), instead I would like to create my own field, the name of which would be "apache.status.total_mbytes).

I am trying to create a new mapping via Dev Console using the followind api commands:

PUT /metricbeat-7.2.0/_mapping
{
  "settings":{

  },
      "mappings" : {
      "apache.status.total_mbytes" : {
        "full_name" : "apache.status.total_mbytes",
        "mapping" : {
          "total_mbytes" : {
            "type" : "long"
          }
        }
      }
    }
}

Still ES returns the following error:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "mapper_parsing_exception",
        "reason" : "Root mapping definition has unsupported parameters:  [settings : {}] [mappings : {apache.status.total_mbytes={mapping={total_mbytes={type=long}}, full_name=apache.status.total_mbytes}}]"
      }
    ],
    "type" : "mapper_parsing_exception",
    "reason" : "Root mapping definition has unsupported parameters:  [settings : {}] [mappings : {apache.status.total_mbytes={mapping={total_mbytes={type=long}}, full_name=apache.status.total_mbytes}}]"
  },
  "status" : 400
}

FYI

The following may shed some light

GET /metricbeat-*/_mapping/field/apache.status.total_kbytes

Returns

{
  "metricbeat-7.9.2-2020.10.06-000001" : {
    "mappings" : {
      "apache.status.total_kbytes" : {
        "full_name" : "apache.status.total_kbytes",
        "mapping" : {
          "total_kbytes" : {
            "type" : "long"
          }
        }
      }
    }
  },
  "metricbeat-7.2.0-2020.10.05-000001" : {
    "mappings" : {
      "apache.status.total_kbytes" : {
        "full_name" : "apache.status.total_kbytes",
        "mapping" : {
          "total_kbytes" : {
            "type" : "long"
          }
        }
      }
    }
  }
}

What am I missing? Is the _mapping command wrong?

Thanks in advance,

apache elasticsearch elk metricbeat
Original Q&A
1

There are 1 answers

0
Assael Azran On BEST ANSWER

A working example:

Create new index

PUT /metricbeat-7.2.0
{
  "settings": {},
  "mappings": {
    "properties": {
      "apache.status.total_kbytes": {
          "type": "long"
        }
    }
  }
}

Then GET metricbeat-7.2.0/_mapping/field/apache.status.total_kbytes will result in (same as your example):

{
  "metricbeat-7.2.0" : {
    "mappings" : {
      "apache.status.total_kbytes" : {
        "full_name" : "apache.status.total_kbytes",
        "mapping" : {
          "total_kbytes" : {
            "type" : "long"
          }
        }
      }
    }
  }
}

Now if you want to add a new field to an existing mapping use the API this way:

Update an existing index

PUT /metricbeat-7.2.0/_mapping
{
  "properties": {
    "total_mbytes": {
      "type": "long"
    }
  }
}

Then GET metricbeat-7.2.0/_mapping will show you the updated mapping:

{
 "metricbeat-7.2.0" : {
    "mappings" : {
      "properties" : {
        "apache" : {
          "properties" : {
            "status" : {
              "properties" : {
                "total_kbytes" : {
                  "type" : "long"
                }
              }
            }
          }
        },
        "total_mbytes" : {
          "type" : "long"
        }
      }
    }
  }
}

Also, take a look at Put Mapping Api

Related Questions in APACHE

Related Questions in ELASTICSEARCH

Related Questions in ELK

Related Questions in METRICBEAT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions