在logstash中创建季度索引
[英]create quarterly index in logstash
问题描述
hi i am trying to create quarterly index in ES using log-stash , i know how to create index weekly in log-stash here is my piece of configuration - 
嗨,我正在尝试使用log-stash在ES中创建季度索引,我知道如何在log-stash中每周创建索引,这是我的配置-
> output {
> elasticsearch {
> hosts => "localhost"
> index => "logstash-%{+xxxx.ww}"
>
>
> }
> stdout{}
> }
but how can i create quarterly index or how we can have month in any variable so i can calculate the quarter . 但是我如何创建季度指数或如何在任何变量中使用月,这样我就可以计算季度了。 thanks 谢谢
1 个解决方案
解决方案1
2 已采纳 2018-04-03 11:37:53
Date math currently doesn't support specifying quarters Q and an issue is still open to improve upon this. 日期数学当前不支持指定季度Q , 因此仍需改进。
Ideally it would be nice if we could circumvent this shortcoming with something like now-3M/3M but multiples of rounding are not supported either. 理想情况下,如果我们可以使用now-3M/3M类的东西来规避此缺点,那将是很好的选择,但是也不支持舍入的倍数。
Until the issue is resolved, one solution would be to use monthly indices and when a quarter has gone, reindex the three previous monthly indices into a single quarter index. 在问题解决之前,一种解决方案是使用月度索引,当一个季度结束后,将之前的三个月度索引重新索引为一个季度索引。
Another solution is to compute the quarter beforehand in a Logstash ruby filter and then use it in the elasticsearch output, like this: 另一个解决方案是预先计算季度在Logstash ruby过滤,然后在用它elasticsearch输出,如下所示:
filter {
ruby {
code => "event.set('quarter', Date.today.year + '-' + (Date.today.month / 3.0).ceil)"
}
}
output {
elasticsearch {
hosts => "localhost"
index => "logstash-%{quarter}"
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.