When using ELK, searches are tokenized (analyzed) by default, so keyword searches are not exact. To make search queries easier, disable tokenization:

curl -XPUT http://localhost:9200/_template/template_1 -d '{
  "template": "*",
  "order": 0,
  "settings": {
    "number_of_shards": 5
  },
  "mappings": {
    "fluentd": {
      "properties": {
        "request_dir": {"type": "string", "index": "not_analyzed"},
        "http_user_agent": {"type": "string", "index": "not_analyzed"}
      }
    }
  }
}'

Here, the not_analyzed parameter disables tokenization; analyzed enables it.
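
Why the analyzed default makes log searches imprecise, shown with a small model that is an added example and not code from the original page. It assumes a simplified tokenizer (lowercase, split on non-alphanumerics) rather than Elasticsearch's real analyzer, OR matching across query tokens, and constructed request_dir values.

```python
import re
from collections import defaultdict

# Constructed sample values for the page's request_dir field (not real logs).
DOCS = {
    1: "/admin/login",
    2: "/user/login",
    3: "/login/admin",
    4: "/static/css",
}

def analyze(text):
    """Simplified stand-in for an analyzer: lowercase, split on non-alphanumerics."""
    return [t for t in re.split(r"[^0-9a-z]+", text.lower()) if t]

def build_index(docs, analyzed):
    """Inverted index: term -> doc ids. not_analyzed stores the whole value as one term."""
    index = defaultdict(set)
    for doc_id, value in docs.items():
        terms = analyze(value) if analyzed else [value]
        for term in terms:
            index[term].add(doc_id)
    return index

def search(index, query, analyzed):
    """Analyzed: the query is tokenized too and any token may match (OR).
    not_analyzed: the query is looked up as one exact term."""
    terms = analyze(query) if analyzed else [query]
    hits = set()
    for term in terms:
        hits |= index.get(term, set())
    return sorted(hits)

analyzed_index = build_index(DOCS, analyzed=True)
exact_index = build_index(DOCS, analyzed=False)

if __name__ == "__main__":
    # Analyzed field: every path containing "admin" or "login" comes back.
    print(search(analyzed_index, "/admin/login", analyzed=True))
    # not_analyzed field: only the exact path matches, and case matters.
    print(search(exact_index, "/admin/login", analyzed=False))
    print(search(exact_index, "/Admin/Login", analyzed=False))
```

The last lookup returns nothing: a not_analyzed field is matched byte for byte, so queries against it must use the exact value as logged, including case.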