stackoom
  简体   繁体   中英

Logstash Elasticsearch output use parsed field from input file

 原文  2015-03-03 13:56:58       elasticsearch/ logstash

Question

I have a lot of old logfiles in the format drupallogYYYYMMDD that I want to throw in logstash and by default the elasticsearch output creates the index for today. I can overwrite that with index: "...." but is there a way to set this in the logstash conf file so it takes the YYYYMMDD from above and turn it into the naming convention logstash-YYYY-MM-DD ?

1 answers

solution1
 0 ACCPTED  2015-03-03 14:54:37

The index option of the elasticsearch output defaults to "logstash-%{+YYYY.MM.dd}" but you can change it to "logstash-%{+YYYY-MM-dd}" if you prefer hyphens in your date.

The date that gets inserted into said index name pattern is the timestamp of each message (ie the @timestamp) field. Since @timestamp is UTC it might not correspond exactly to the date in your log filename depending on how you name the files and what timezone you're in. You should not attempt to change the timezone of the @timestamp field. Other tools depend on the mapping between a message's @timestamp field and the index in which it's stored.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Test logstash with elasticsearch as input and output Elasticsearch is not creating an index received from Logstash Output file Logstash Input from Elasticsearch Error Add fields to Logstash Twitter input and Elasticsearch output Remove input tags field with elasticsearch and logstash Appending to file not showing up on logstash or elasticsearch output Specifying Field Types Indexing from Logstash to Elasticsearch Logstash elasticsearch output plugin - Populating api_key from metadata field does not work Logstash output to server with elasticsearch logstash elasticsearch output
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM