ELK/elasticsearch
임시 - 주말간 정리
파아랑새
2019. 1. 8. 22:33
input {
stdin { codec => json }
}
filter {
mutate {
remove_field => ["@version", "@timestamp", "host"]
}
}
output {
elasticsearch {
hosts => "localhost"
index => today190108
}
}
=====================================================
. aggs : ?
. cardinality : ?
--------------------------------------------------
POST today190108/_search?size=10
{
"aggs": {
"NAME": {
"cardinality": {
"field": "data"
}
}
}
}
=====================================================
GET today190108/_search
{
"size": 0,
"aggs": {
"NAME": {
"filters": {
"filters": [
{"match" : { "data" : 10}},
{"match" : { "data" : 11}}
]
}
}
}
}