Fatal编程技术网
  • logstash/
  • Logstash 将csv文件作为时间戳进行日志存储

Logstash 将csv文件作为时间戳进行日志存储

logstash

Logstash 将csv文件作为时间戳进行日志存储,logstash,Logstash,试图将日期和时间字段组合为@timestamp。 这是我正在加载的csv文件 Date,Time,SWR,RSSI(dB),RxBt(V),Cels(gRe),Tmp2(@C),RPM(rpm),Tmp1(@C),Rud,Ele,Thr,Ail,S1,S2,S3,LS,RS,SA,SB,SC,SD,SE,SF,SG,SH, 2016-02-21,04:11:14.640,30,75,5.2,23.4,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,-1,-1,-

试图将日期和时间字段组合为@timestamp。 这是我正在加载的csv文件

     Date,Time,SWR,RSSI(dB),RxBt(V),Cels(gRe),Tmp2(@C),RPM(rpm),Tmp1(@C),Rud,Ele,Thr,Ail,S1,S2,S3,LS,RS,SA,SB,SC,SD,SE,SF,SG,SH,
2016-02-21,04:11:14.640,30,75,5.2,23.4,0,0,0,0,0,0,0,0,0,0,0,0,-1,-1,-1,-1,-1,-1,-1,-1,
以下是加载配置:

     input {  
      file {
      path => "/home/bkelley6/flights/*.csv"
      type => "flights"
      start_position => "beginning"
  }
}

filter {  
csv {
    columns => ["Date", "Time", "SWR", "RSSI(dB)", "RxBt(V)", "Cels(gRe)", "Tmp2(@C)", "RPM(rpm)", "Tmp1(@C)", "Rud", "Ele", "Thr", "Ail", "S1", "S2", "S3", "LS", "RS", "SA", "SB", "SC", "SD" ,"SE", "SF", "SG", "SH"]
    separator => ","
}

mutate {
    replace => [ "datetime", "%{Date} %{Time}" ]
    }

date {
   match => [ "datetime", "YYYY-MM-dd HH:mm:ss.SSS" ]
   timezone => "America/New_York"
   target => "@timestamp"
  }
}
output {  
     elasticsearch {
        action => "index"
        hosts => ["localhost:9200"]
        index => "logstash-%{+YYYY.MM.dd}"
        workers => 1
    }
}
以下是错误消息:

Failed parsing date from field {:field=>"datetime", :value=>"Date Time", :exception=>"Invalid format: \"Date Time\"", :config_parsers=>"YYYY-MM-dd HH:mm:ss.SSS", :config_locale=>"default=en_US", :level=>:warn}
Failed parsing date from field {:field=>"datetime", :value=>"2016-02-21 04:2016-02-21", :exception=>"Invalid format: \"2016-02-21 04:2016-02-21\" is malformed at \"16-02-21\"", :config_parsers=>"YYYY-MM-dd HH:mm:ss.SSS", :config_locale=>"default=en_US", :level=>:warn}
Failed parsing date from field {:field=>"datetime", :value=>"2016-02-21 17:2016-02-21", :exception=>"Invalid format: \"2016-02-21 17:2016-02-21\" is malformed at \"16-02-21\"", :config_parsers=>"YYYY-MM-dd HH:mm:ss.SSS", :config_locale=>"default=en_US", :level=>:warn}
我做错了什么?

文字“日期-时间”可能来自CSV数据的标题行。“Date”以%{Date}结尾,“Time”以%{Time}结尾,然后将其合并到一个字段中并尝试运行Date{}。其他日期值的格式不正确(“2016-02-21 04:2016-02-21”)。我会尝试一个最简单的配置(从csv开始)并使用stdout{}输出来确保首先一切看起来都很好。我只希望时间和日期作为@timestamp,而不是日期中的日志文件。错误消息意味着“datetime”没有按照您的预期设置……我同意,但这是如何解决的?