logstash@timestemp未使用日期筛选器更新_Logstash

logstash@timestemp未使用日期筛选器更新

logstash

logstash@timestemp未使用日期筛选器更新,logstash,Logstash,我有以下过滤器： date { match => [ "zeppelin_timestemp", "YYYY-MM-dd HH:mm:ss,SSS" ] add_field => { "debug" => "timestampMatched"} target = "@timestamp" } 输出为： { "message" => "INFO [2015-08-28 13:39:06,326] ({Thread-25} Zepp

我有以下过滤器：

date {
  match => [ "zeppelin_timestemp", "YYYY-MM-dd HH:mm:ss,SSS" ] 
  add_field => { "debug" => "timestampMatched"}
  target = "@timestamp"
  }

输出为：

 {
           "message" => "INFO [2015-08-28 13:39:06,326] ({Thread-25} ZeppelinServer.java[run]:122) - Bye\r",
          "@version" => "1",
        "@timestamp" => "2015-08-28T10:39:06.326Z",
              "host" => "127.0.0.1",
              "type" => "zeppelin",
         "log_level" => "INFO",
"zeppelin_timestemp" => "2015-08-28 13:39:06,326",
              "data" => "({Thread-25} ZeppelinServer.java[run]:122) - Bye\r",
              "tags" => [
    [0] "zeppelin_log_event"
],
             "debug" => "timestampMatched"

}

正如您所看到的，日期过滤器通过了ok，因为我设置了“debug”=>“timestampMatched”。而且未设置“@timestamp”=>“2015-08-28T10:39:06.326Z”

原始输入为：信息[2015-08-2813:39:06326]（{Thread-25}ZeppelinServer.java[run]：122）-再见

有什么帮助吗？

是的，设置正确，只是设置为UTC。我打赌你离UTC还有3个小时，对吗

最大的提示是毫秒值——我怀疑很少有站点在同一毫秒内生成、发送和处理日志