2

我目前正在 Elasticsearch 6.3 中测试新的汇总 API,我想知道是否有任何方法可以配置汇总作业,以便像 Logstash 在摄取数据时那样根据时间戳动态创建索引?用例是尝试汇总大量时间序列网络性能报告数据,我担心即使是每小时汇总也会创建一个巨大的索引来管理,所以我希望将其拆分为每天的每小时汇总一个索引.

当前汇总作业配置:

{
    "index_pattern": "dxs-raw-*",
    "rollup_index": "dxs-hourly-%{+YYYY.MM.dd}",
    "cron": "* */15 * * * ?",
    "page_size": 1000,
    "groups": {
        "date_histogram": {
            "field": "@timestamp",
            "interval": "1h",
            "delay": "12h"
        },
        "terms": {
            "fields": ["ci_id.keyword", "client_id.keyword", "element_name.keyword", "measurement.keyword", "source_management_platform.keyword", "unit.keyword"]
        }
    },
    "metrics": [
        {
            "field": "value",
            "metrics": ["min", "max", "avg"]
        }
    ]
}

通过 Kibana DevTools 控制台 PUT 作业时出现错误:

    {
    "error": {
        "root_cause": [
        {
            "type": "invalid_index_name_exception",
            "reason": "Invalid index name [dxs-hourly-%{+YYYY.MM.dd}], must be lowercase",
            "index_uuid": "_na_",
            "index": "dxs-hourly-%{+YYYY.MM.dd}"
        }
        ],
        "type": "runtime_exception",
        "reason": "runtime_exception: Could not create index for rollup job [dxs-hourly]",
        "caused_by": {
        "type": "invalid_index_name_exception",
        "reason": "Invalid index name [dxs-hourly-%{+YYYY.MM.dd}], must be lowercase",
        "index_uuid": "_na_",
        "index": "dxs-hourly-%{+YYYY.MM.dd}"
        }
    },
    "status": 500
}
4

1 回答 1

1

从 6.4 版开始,这是不可能的,但这里提出了新的增强功能。 当最终解决方案发布时,我将使用我们拥有的实现来更新这个答案。

于 2018-08-27T00:57:33.753 回答