您可以做到,但是您需要自己构建整个结构。索引模式定义如下所示:
PUT .kibana/doc/index-pattern:<some-uuid>{ "type": "index-pattern", "updated_at": "2018-01-27T07:12:05.373Z", "index-pattern": { "title": "test*", "timeFieldName": "@timestamp", "fields": """ ... """, }}title
是索引模式的名称,如果通过UI创建索引模式,则输入的名称与您输入的名称相同timeFieldName
是时间戳字段的名称fields
是一个字符串,其中包含索引模式中所有字段定义的JSON数组(请参见下文)
字段定义如下所示:
[ { "name": "@timestamp", "type": "date", "count": 0, "scripted": false, "searchable": true, "aggregatable": true, "readFromDocValues": true }, { "name": "_id", "type": "string", "count": 0, "scripted": false, "searchable": true, "aggregatable": true, "readFromDocValues": false }, { "name": "_index", "type": "string", "count": 0, "scripted": false, "searchable": true, "aggregatable": true, "readFromDocValues": false }, { "name": "_score", "type": "number", "count": 0, "scripted": false, "searchable": false, "aggregatable": false, "readFromDocValues": false }, { "name": "_source", "type": "_source", "count": 0, "scripted": false, "searchable": false, "aggregatable": false, "readFromDocValues": false }, { "name": "_type", "type": "string", "count": 0, "scripted": false, "searchable": true, "aggregatable": true, "readFromDocValues": false }, { "name": "referer", "type": "string", "count": 0, "scripted": false, "searchable": true, "aggregatable": false, "readFromDocValues": false }, ...]因此,您需要为每个字段创建此数组,然后对其进行字符串化并将字符串放入
fields字段中。
这是代表索引模式的样本文档:
{ "type": "index-pattern", "updated_at": "2018-01-27T07:12:05.373Z", "index-pattern": { "title": "test*", "timeFieldName": "@timestamp", "fields": """[{"name":"@timestamp","type":"date","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"_id","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_index","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"_score","type":"number","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_source","type":"_source","count":0,"scripted":false,"searchable":false,"aggregatable":false,"readFromDocValues":false},{"name":"_type","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":false},{"name":"referer","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"referer.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"status","type":"number","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true},{"name":"url","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},{"name":"url.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}]""" } }
