堆栈内存溢出
  简体   繁体   English

使用无痛的 Kibana 脚本字段:如何使用预先存在的索引查找经过的天数

[英]Kibana scripted fields using painless: How to find number of days passed using a preexisting index

 原文  2022-07-07 21:05:10       elasticsearch/ kibana/ elk/ elasticsearch-painless/ datetime-conversion

问题描述

I have a bunch of data in Kibana that I need to clean up by using an scripted field with "painless" which is a version of Java.我在 Kibana 中有一堆数据,我需要使用带有“无痛”(Java 版本)的脚本字段来清理这些数据。 At the moment I have an preexisting index in my logs with a date in this format "2021-09-27T13:54:17.165Z" I need to find how many days its been since that day until today whenever this search is ran, if its over or at 300 days it needs to return false if its lower true.目前,我的日志中有一个预先存在的索引,其日期格式为“2021-09-27T13:54:17.165Z” ,如果运行此搜索,我需要找出从那天到今天的天数它超过或超过 300 天,如果它较低的 true 则需要返回 false。

I was trying this to get number of days its been: new Date().getTime() - doc['date'].value;我正在尝试获取它的天数: new Date().getTime() - doc['date'].value;

I was on stack overflow I saw someone said that new Date().getTime() will give you todays date.我在堆栈溢出时看到有人说 new Date().getTime() 会给你今天的日期。 But I think the issue is that the time format for new Date().getTime() returns time in the format of 1657151078131 but my index date is in "2021-09-27T13:54:17.165Z" I am not sure how to convert it in order to find the displacement of less or more than 300 days.但我认为问题在于 new Date().getTime() 的时间格式以 1657151078131 的格式返回时间,但我的索引日期为“2021-09-27T13:54:17.165Z”我不知道如何转换它以找到少于或多于 300 天的位移。

Any help will be greatly appreciated任何帮助将不胜感激

#ELK #elasticsearch #kibana #elastic #ELK #elasticsearch #kibana #elastic

1 个解决方案

解决方案1
 0  2022-07-08 15:51:20

Tldr;特长;

You have an issue converting everything.您在转换所有内容时遇到问题。 new Date().getTime() -> gives a Long "2021-09-27T13:54:17.165Z" -> a string new Date().getTime() -> 给出一个 Long "2021-09-27T13:54:17.165Z" -> 一个字符串

To Solve解决

You need to make move them to the same format.您需要将它们移动到相同的格式。 Below I am converting the date in a string format to a ZonedDateTime then to a long .下面我将string格式的日期转换为ZonedDateTime然后转换为long

new Date().getTime() - ZonedDateTime.parse("2021-09-27T13:54:17.165Z").toInstant().toEpochMilli() > 25920000000L;

That one way to go about it.这是一种解决方法。 You can learn more about painless and time formats here您可以在此处了解有关无痛和时间格式的更多信息

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在没有正则表达式的情况下使用脚本字段从日志字段中搜索子字符串 - How to search substring from log field using the scripted fields in painless without regex Elasticsearch:如何在脚本字段中轻松进行“分组”? - Elasticsearch : How to do 'group by' with painless in scripted fields? 如何使用 Kibana 脚本字段在嵌套字段中获取值? - How to get value in nested field using Kibana scripted field? Kibana 脚本化字段排序 - Kibana scripted fields sort Kibana 脚本化字段 - Kibana scripted fields 在 Kibana 中使用脚本字段作为时间变量 - Using Scripted field as time variable in Kibana Kibana 4中if / else条件的脚本字段 - Scripted Fields for if/else condition in Kibana 4 如何在弹性搜索中使用脚本字段时返回所有字段 - how to return all fields when using scripted fields in elastic search Kibana不使用现有的.kibana索引 - Kibana not using existing .kibana index 我如何在 kibana 脚本字段上获取数字类型的值 - How i can take the value of a number type on kibana scripted field
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM