Logstash logdate类型问题

我想将日志日志记录为类型日期，但即使在应用日期过滤器后，我也会将'logdate'类型作为字符串获取。这里是我的过滤器：Logstash logdate类型问题

filter { 
    grok { 
     match => { "message" => "%{TIMESTAMP_ISO8601:logdate}\s%{LOGLEVEL:level} +: +%{WORD:USE_CASE} +: +%{WORD:STEP_DETAIL} +: +\[%{WORD:CIN}\] +: +(?<MID>([^\s]+)) +: +%{GREEDYDATA:MESSAGE_DETAILS}" } 
     add_field => [ "received_at", "%{@timestamp}" ] 
     add_field => [ "received_from", "%{host}" ] 
     add_tag => [ "level:%{level}" ] 
     add_tag => [ "USE_CASE:%{USE_CASE}" ] 
     add_tag => [ "CIN:%{CIN}" ] 
     add_tag => [ "MID-%{MID}" ] 
     } 
    date { 
     match => [ "logdate", "yyyy-MM-dd HH:mm:ss,SSS" ] 
      target => "@timestamp" 
     } 
    }

，这里是我打的命令

curl -XGET localhost:9200/_mapping?pretty

映射后得到的映射：

"logdate" : { 
    "type" : "string", 
    "norms" : { 
     "enabled" : false 
    }, 
    "fields" : { 
     "raw" : { 
     "type" : "string", 
     "index" : "not_analyzed", 
     "ignore_above" : 256 
     } 
    } 
    },

我在哪里做错了吗？任何建议？

来源

2015-05-04 Anand j. Kadhi

如果你想logdate场是一个日期字段，你需要使它的date过滤

date { 
    match => [ "logdate", "yyyy-MM-dd HH:mm:ss,SSS" ] 
    target => "logdate" 
}

这将不设置@timestamp同一事物的target，所以你可能要再次设置@timestamp。

来源

2015-05-04 13:39:36 Alcanzar

Logstash logdate类型问题

回答

相关问题