org.graylog2.indexer.IndexMapping5 Maven / Gradle / Ivy
/**
* This file is part of Graylog.
*
* Graylog is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Graylog is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Graylog. If not, see .
*/
package org.graylog2.indexer;
import com.google.common.collect.ImmutableMap;
import org.graylog2.plugin.Message;
import java.util.Map;
/**
* Representing the message type mapping in Elasticsearch 5.x. This is giving ES more
* information about what the fields look like and how it should analyze them.
*
* @see Elasticsearch Reference / Mapping
*/
public class IndexMapping5 extends IndexMapping {
@Override
protected Map> fieldProperties(String analyzer) {
return ImmutableMap.>builder()
.put("message", analyzedString(analyzer, false))
.put("full_message", analyzedString(analyzer, false))
// http://joda-time.sourceforge.net/api-release/org/joda/time/format/DateTimeFormat.html
// http://www.elasticsearch.org/guide/reference/mapping/date-format.html
.put("timestamp", typeTimeWithMillis())
.put(Message.FIELD_GL2_ACCOUNTED_MESSAGE_SIZE, typeLong())
.put(Message.FIELD_GL2_RECEIVE_TIMESTAMP, typeTimeWithMillis())
.put(Message.FIELD_GL2_PROCESSING_TIMESTAMP, typeTimeWithMillis())
// to support wildcard searches in source we need to lowercase the content (wildcard search lowercases search term)
.put("source", analyzedString("analyzer_keyword", true))
.put("streams", notAnalyzedString())
.build();
}
@Override
protected Map notAnalyzedString() {
return ImmutableMap.of("type", "keyword");
}
private Map analyzedString(String analyzer, boolean fieldData) {
return ImmutableMap.of(
"type", "text",
"analyzer", analyzer,
"fielddata", fieldData);
}
}