<img src="//i.stack.imgur.com/RUiNP.png" height="16" width="18" alt="" class="sponsor tag img">elasticsearch 自定义日期时间相同，但在grok date filter logstash中不匹配_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Logstash_Logstash Grok_Logstash Configuration

elasticsearch 自定义日期时间相同，但在grok date filter logstash中不匹配

logstash

elasticsearch 自定义日期时间相同，但在grok date filter logstash中不匹配,elasticsearch,logstash,logstash-grok,logstash-configuration,elasticsearch,Logstash,Logstash Grok,Logstash Configuration,输入为逗号分隔的值： “2010-08-19”、“09:12:55”、“56095675” 我创建了自定义的date\u time字段，该字段的格式显示为正确的2010-08-19；09:12:55但不匹配 filter { grok { match => { "message" => '"(%{GREEDYDATA:cust_date})","(%{TIME:cust_time})","(%{NUMBER:author})"'} add_field => {

输入为逗号分隔的值： “2010-08-19”、“09:12:55”、“56095675”

我创建了自定义的

date\u time

字段，该字段的格式显示为正确的

2010-08-19；09:12:55

但不匹配

filter {
 grok {
    match => { "message" => '"(%{GREEDYDATA:cust_date})","(%{TIME:cust_time})","(%{NUMBER:author})"'}
    add_field => {
            "date_time" => "%{cust_date};%{cust_time}"
    }
}

date {
  match => ["date_time", "yyyy-MM-dd;hh:mm:ss"]
  target => "@timestamp"
  add_field => { "debug" => "timestampMatched"}
}

Kibana上的输出：

cust_date       August 18th 2010, 20:00:00.000
cust_time       09:12:55
date_time       2010-08-19;09:12:55
message         "2010-08-19","09:12:55","56095675"
tags        beats_input_codec_plain_applied, _dateparsefailure

它给出了

\u dateparsefailure

。这些字段似乎与匹配模式相同。我尝试了不同的时间格式，比如

YYYY-MM-dd；hh:mm:ss

和

YYYY-mm-dd；HH:mm:ss

我做错了什么？

救命啊

你应该把

日期

插件放在

过滤器

部分，就在

grok

下面

filter {
    grok {
        match => { "message" => '"(%{GREEDYDATA:cust_date})","(%{TIME:cust_time})","(%{NUMBER:author})"'}
    add_field => {
        "date_time" => "%{cust_date};%{cust_time}"
    }

    date {
        match => ["date_time", "yyyy-MM-dd;hh:mm:ss"]
        target => "@timestamp"
       add_field => { "debug" => "timestampMatched"}
    }
}