- elasticsearch/
elasticsearch Logstash-尝试创建已用过滤器
elasticsearch Logstash-尝试创建已用过滤器
我正在尝试创建已用过滤器,但未显示已用字段。 这是输入:
statement => "SELECT TRANSACTION_ID, COMMUNICATION_ID,
BROKER_NAME, IS_NAME, SERVICE_NAME, OPERATION_NAME, OPERATION_VERSION, MESSAGE_TYPE, APPROACH, CLIENT_ID,
APPLICATION_ID, EXT_SESSION_ID, EXT_TRANSACTION_ID, EXT_ORIGIN, LANG_CODE, EXT_HOST, APPLICATION, CHANNEL,
NUM_RETRIES, STATUS_CODE, STATUS_MSG, DATE_CREATED,
DESTINATION_HOST, OPERATION_ID
FROM IIB_OPER.COMMUNICATION_LOG
WHERE DATE_CREATED > '2018-07-20'"
filter {
if [message_type] == "Req" {
mutate {
add_tag => [ "taskStarted" ]
}
}
if [message_type] == "Res" {
mutate {
add_tag => [ "taskTerminated" ]
}
}
elapsed {
unique_id_field => "operation_id"
start_tag => "taskStarted"
end_tag => "taskTerminated"
timeout => 20000
new_event_on_match => true
}
}
干杯,回答我自己的问题。。。 问题是我正试图将JSON中已经存在的一列转换为Elastic,以使另一个临时日期生效
date {
match => [ "temp_date", "yyyy-MM-dd HH:mm:ss,SSS"]
}
if [message_type] == "Req" {
mutate {
add_tag => [ "taskStarted" ]
}
}
if [message_type] == "Res" {
mutate {
add_tag => [ "taskTerminated" ]
}
}
elapsed {
unique_id_field => "operation_id"
start_tag => "taskStarted"
end_tag => "taskTerminated"
timeout => 30
}