Filter Logstash替换@timestamp_Filter_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Logstash

Filter Logstash替换@timestamp

filter logstash

Filter Logstash替换@timestamp,filter,elasticsearch,logstash,Filter,elasticsearch,Logstash,我正在使用logstash来跟踪我的日志。我使用文件作为输入，使用elasticsearch作为输出。我的配置文件如下所示： input{ file{ path => "C:\products.logs" format => "json" } } filter{ } output{ elasticsearch{ host => localhost } } {"ID":65464,"Name":"Tracker_562

我正在使用logstash来跟踪我的日志。我使用文件作为输入，使用elasticsearch作为输出。我的配置文件如下所示：

    input{
  file{
    path => "C:\products.logs"
    format => "json"
  }
}
filter{
}
output{
  elasticsearch{
    host => localhost
  }
}

    {"ID":65464,"Name":"Tracker_56213453.xml","sender_sent_time":"10/04/2014 14:14:40","insertion_time":"10/04/2014 14:14:40","Is_Valid":true}

该文件中填充了几行日志，每个日志如下所示：

    input{
  file{
    path => "C:\products.logs"
    format => "json"
  }
}
filter{
}
output{
  elasticsearch{
    host => localhost
  }
}

    {"ID":65464,"Name":"Tracker_56213453.xml","sender_sent_time":"10/04/2014 14:14:40","insertion_time":"10/04/2014 14:14:40","Is_Valid":true}

如您所见，有不止一个值保存时间格式。当我尝试添加此日期筛选器时：

    filter{
      date{
        match=>["insertion_time","dd/MM/YYYY HH:mm:ss"]
      }
    }

但它不起作用。我做错了什么？

谢谢。

日期的默认值是@timestamp。如果要就地转换，则需要添加一个target=>insertion\u time

过滤器应如下所示：

 filter{
  date{
    match=>["insertion_time","dd/MM/YYYY HH:mm:ss"]
    locale => "en"
    timezone => "UTC"
    target => ["insertion_time"]
  }
}

使用以下命令：

filter {
    # match date and time
    date {
        "match"  => ["insertion_time", "dd/MM/YYYY HH:mm:ss"]
        "target" => "insertion_time"
    }
}

您的日期不是一个…的dd/MM/YYYY。。。。