- elasticsearch/
elasticsearch 日志存储时间戳在Elasticsearch中显示为文本
elasticsearch 日志存储时间戳在Elasticsearch中显示为文本
我正在使用Elasticsearch 7.3.1和Logstash 7.3.1。我试图使用日期过滤器将我的一个字段作为Elasticsearch时间戳。数据插入正确,但
@时间戳的类型即将出现文本。我该如何解决这个问题
我的输入时间戳类似于156740605794750813
。我的代码是:
input {
elasticsearch {
hosts => "x.x.x.x"
index => "raw"
docinfo => true
}
}
filter {
mutate {
convert => {
"timestamp" => "integer"
}
}
date {
match => ["timestamp", "UNIX_MS", "ISO8601"]
target => "@timestamp"
}
}
output {
elasticsearch {
index => "logs-%{app_name}"
document_id => "%{[@metadata][_id]}"
}
}
运行映射API后,我得到
"@timestamp" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
试试下面的代码
date {
match => [ "[timestamp]", "UNIX" ]
target => "[@timestamp]"
}