What is the logstash “mutate” equivalent in Elasticsearch Ingestion API
I am using filebeat-5.2, logstash-5.2 and AWS Elastic Search Service-5.1. Here I have my existing grok pattern defined in logstash
grok {
  match => "\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\]"
}
mutate {
  add_field => {
    "timestamp" => "\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\]"
  }
}
And I am trying to define the equivalent grok processor in Ingestion API.
PUT _ingest/pipeline/pipe_celery_log
{
  "processors": [
    {
      "patterns": ["\\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\\]"]
....................
Is there any method so that I can define mutate in Ingestion API to extract the fields for my timestamp?
I am pretty new to Ingestion API here. Please help me if anyone could solve this.