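Kibana is not picking up records with the @timestamp field

I have the following JSON log, which I feed into Logstash and output to Elasticsearch. When "@timestamp" is present in the log, the record does not show up in Kibana. However, when I rename the JSON field in the log to "timestamp" (removing the @), it works. How can I fix this so that it correctly picks up entries using the @timestamp field? Thanks.

JSON log: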
{
  "@timestamp": "2017-02-14T15:55:05.070Z",
  "@version": "1",
  "action": "create",
  "controller": "MyController",
  "db": 10.51,
  "duration": 40.77,
  "format": "json",
  "message": "[200] POST /api/mycontroller (MYCONTROLLER#create)",
  "method": "POST",
  "path": "/api/mycontroller",
  "remote_ip": "55.11.99.000",
  "status": 200,
  "user_id": 8888,
  "view": 12.91
}

logstash.conf
input {
  tcp {
    port => 5000
  }
}
filter {
  json {
    source => "message"
  }
}
output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
  stdout { codec => rubydebug }
}