Elasticsearch Data Stream 与索引模板管理实践

索引模板（启用 data_stream）：

PUT _index_template/logs-template
{
  "index_patterns": ["logs-*"],
  "data_stream": {},
  "template": {
    "mappings": {
      "properties": {
        "@timestamp": { "type": "date" },
        "message": { "type": "text" }
      }
    }
  }
}

创建数据流并写入：

PUT _data_stream/logs

POST /logs/_doc
{
  "@timestamp": "2025-11-26T10:00:00Z",
  "message": "service started"
}

查看数据流：

GET _data_stream/logs