@thomasdarimont
Last active January 5, 2019 01:20
Add custom mappings to Graylog (Elasticsearch) for the additional parameters (_MessageParam0...N) added by the GELF logger

Create custom mappings

cat << EOF > graylog-custom-mapping.json
{
  "template": "graylog_*",
  "mappings" : {
    "message" : {
      "properties" : {
        "MessageParam0" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam1" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam2" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam3" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam4" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam5" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam6" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam7" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam8" : {
          "type" : "string",
          "index" : "not_analyzed"
        },
        "MessageParam9" : {
          "type" : "string",
          "index" : "not_analyzed"
        }
      }
    }
  }
}
EOF

Apply custom mappings for Graylog to Elasticsearch

curl -X PUT -d @'graylog-custom-mapping.json' 'http://elasticsearch-server:9200/_template/graylog-custom-mapping?pretty'
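
A hand-typed list of numbered fields is easy to get wrong, and a skipped index leaves that field without the exact-match mapping. The following is an added example, not part of the original gist: it generates the template body for any number of parameters and checks an existing template file for gaps. The function names `gen_graylog_template` and `missing_params` are hypothetical; the mapping syntax is copied from the gist above.

```shell
#!/bin/sh
# Added example (not from the gist): generate and check the MessageParam template.
# Usage: gen_graylog_template 10 > graylog-custom-mapping.json

# Print a template body mapping MessageParam0 .. MessageParam(count-1).
gen_graylog_template() {
  count="$1"
  case "$count" in
    ''|*[!0-9]*) echo "usage: gen_graylog_template <count>" >&2; return 2 ;;
  esac
  [ "$count" -ge 1 ] || { echo "count must be >= 1" >&2; return 2; }

  printf '{\n  "template": "graylog_*",\n  "mappings": {\n    "message": {\n      "properties": {\n'
  i=0
  while [ "$i" -lt "$count" ]; do
    sep=','
    # The last property must not be followed by a comma (invalid JSON otherwise).
    [ "$i" -eq $((count - 1)) ] && sep=''
    printf '        "MessageParam%d": { "type": "string", "index": "not_analyzed" }%s\n' "$i" "$sep"
    i=$((i + 1))
  done
  printf '      }\n    }\n  }\n}\n'
}

# Print every index between 0 and the highest MessageParam found in the
# given file that has no mapping entry. Prints nothing when there are no gaps.
missing_params() {
  file="$1"
  max=$(grep -o '"MessageParam[0-9]*"' "$file" | tr -dc '0-9\n' | sort -n | tail -n 1)
  [ -n "$max" ] || return 0
  i=0
  while [ "$i" -le "$max" ]; do
    # Match the quoted name so MessageParam1 does not match MessageParam10.
    grep -q "\"MessageParam$i\"" "$file" || echo "$i"
    i=$((i + 1))
  done
}
```

Run `missing_params graylog-custom-mapping.json` before the `curl` step; any number it prints is a field index with no mapping entry.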