【Posted】: 2017-10-11 09:39:10
【Question】:
My JSON input is shown below. It contains date fields, and I need to extract the date-time field from the JSON:
{
  "Properties": {
    "Client Name": "Chubb",
    "Portfolio": "Chubb-Transfer"
  },
  "Capture": [
    {
      "CaptureGUID": "caa1f5ba-1e93-4926-b3ac-e30d0d9d4cbb",
      "HTMLPath": "Captures\\C:\\",
      "ScreenName": "Amdocs CRM - ClearCallCenter - [Console]",
      "TimeStamp": "20170926110036"
    },
    {
      "CaptureGUID": "0faf6b54-999f-4bfd-b8d0-e81a589f9185",
      "HTMLPath": "Captures\\C:\\",
      "ScreenName": "Microsoft Excel - 1.0.1 1.0.6 1.0.8 Match 3.0.6 Hit NAIC Optimized.xlsx",
      "TimeStamp": "20170926105418"
    }
  ]
}
My Logstash configuration is below. How can I convert the string date ("TimeStamp": "20170926105418") to a date format? Updated with the complete Logstash file.
input {
  file {
    type => "json"
    path => "C:/ELK/data/Recordings/*.json"
    start_position => beginning
    codec => multiline {
      pattern => "^{"
      negate => "true"
      what => "previous"
      multiline_tag => "multi_tagged"
      max_lines => 30000
    }
  }
}
filter {
  date {
    match => ["Capture.TimeStamp", "yyyyMMddHHmmss"]
    target => "TimeStamp"
  }
  mutate {
    replace => { "message" => "%{message}}" }
    gsub => [ 'message','\n','']
  }
  json {
    source => "message"
    remove_field => ["message"]
  }
}
output {
  elasticsearch {
    index => "test10"
  }
  stdout { codec => rubydebug }
}
【Discussion】:
Tags: json elasticsearch logstash
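One way to parse the `TimeStamp` strings from the input above, as an added example that is not part of the original post: run `json` first so the fields exist, `split` the `Capture` array into one event per capture, then apply `date` with bracket field-reference syntax. It assumes `message` already holds one complete JSON document when it reaches the filter stage, and the `timezone` value is an assumption about where the captures were recorded.

```logstash
filter {
  # Parse the JSON text first; before this runs, the event has no
  # "Capture" field at all, so a date filter placed earlier matches nothing.
  json {
    source => "message"
    remove_field => ["message"]
  }

  # "Capture" is an array of objects. Emit one event per element so that
  # [Capture][TimeStamp] refers to a single string in each event.
  split {
    field => "Capture"
  }

  # Nested fields are addressed as [outer][inner], not "outer.inner".
  date {
    match    => ["[Capture][TimeStamp]", "yyyyMMddHHmmss"]
    target   => "[Capture][TimeStamp]"   # overwrite the string with a real timestamp
    timezone => "UTC"                    # assumption: the source strings carry no zone
  }
}
```

Events whose `TimeStamp` does not match the pattern keep the original string and are tagged `_dateparsefailure`, which makes malformed captures easy to filter for in the output.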