[英]Logstash : Get timestamp from mysql doesn't work, convert it to string it work?
我正在使用此 conf 文件覆蓋 ElasticSearch 中的 @timestamp 字段,但我自動獲得了一個_dateparsefailure
標志:
input {
jdbc {
jdbc_driver_library => "C:/path/to/mariadb-java-client.jar"
statement => "SELECT '${FIELD}' as field, from ${TABLE_NAME}"
tracking_column => "timestamp"
tracking_column_type => "timestamp"
}
}
filter {
grok {
match => ["timestamp","%{TIMESTAMP_ISO8601}"]
}
date {
match => ["timestamp", "ISO8601"]
}
}
請注意,無論是否使用 grok 過濾器,我都會得到相同的結果。
結果:
{
"@timestamp" => 2022-12-13T09:16:10.365Z,
"timestamp" => 2022-11-23T10:36:13.000Z,
"@version" => "1",
"tags" => [
[0] "_dateparsefailure"
],
"type" => "mytype",
}
但是當我用這個 conf 提取時間戳時:
input {
*same input*
}
filter {
grok {
match => ["timestamp","%{TIMESTAMP_ISO8601:tmp}"]
tag_on_failure => [ "_grokparsefailure"]
}
date {
match => ["tmp", "ISO8601"]
}
}
然后它給了我預期的結果:
{
"@timestamp" => 2022-11-23T11:16:36.000Z,
"@version" => "1",
"timestamp" => 2022-11-23T11:16:36.000Z,
"tmp" => "2022-11-23T11:16:36.000Z",
}
誰能解釋為什么會這樣,我怎樣才能避免創建這個額外的字段? 謝謝
好的,我猜首先解析一個字符串,但是timestamp
已經有正確的類型,所以一個副本就足以保存和覆蓋@timestamp
字段:
filter {
mutate {
copy => { "@timestamp" => "insertion_timestamp" }
copy => { "timestamp" => "@timestamp" }
remove_field => [ "timestamp" ]
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.