Gop*_*lem 13 csv elasticsearch logstash
我们在csv文件中有来自外部源的数据:
orderid,OrderDate,BusinessMinute,Quantity,Price
31874,01-01-2013,00:06,2,17.9
数据date在一列和time另一列中 - 我需要通过将这两列组合在一起来生成时间戳.
我正在使用csv filterlogstash中的以下配置从文件中读取上述数据 - 这是生成自己的时间戳:
input {
file {
path => "/root/data/import/Order.csv"
start_position => "beginning"
}
}
filter {
csv {
columns => ["orderid","OrderDate","BusinessMinute","Quantity","Price"]
separator => ","
}
}
output {
elasticsearch {
action => "index"
host => "localhost"
index => "demo"
workers => 1
}
}
如何组合OrderDate + Business Minute作为@timestamp?
Mag*_*äck 16
使用mutate过滤器将OrderDate和BusinessMinute字段组合到单个(临时)字段中,然后使用日期过滤器并在成功时删除该字段.
filter {
mutate {
add_field => {
"timestamp" => "%{OrderDate} %{BusinessMinute}"
}
}
date {
match => ["timestamp", "..."]
remove_field => ["timestamp"]
}
}
| 归档时间: |
|
| 查看次数: |
6124 次 |
| 最近记录: |