如何解决logstash中的日期解析错误?

时间:2015-11-21 13:21:08

标签: elasticsearch logstash logstash-configuration

我有以下logstash配置:

input {
    file{
        path => ["C:/Users/MISHAL/Desktop/ELK_Files/rm/evsb.json"]
        type => "json"
        start_position => "beginning"
  }
}
filter {

  json {
        source => "message"
  }

  mutate {
      convert => [ "increasedFare", "float"]
      convert => ["enq", "float"]
      convert => ["bkd", "float"]
    }

  date{
    match => [ "date" , "YYYY-MM-dd HH:mm:ss" ]
    target => "@timestamp"
  }

}

output {
  stdout {
    codec => rubydebug
  } 
  elasticsearch {
    hosts => "localhost"
    index => "zsx"
  }


}

这是json数据jt.json:

[{"id":1,"date":"2015-11-11 23:00:00","enq":"105","bkd":"9","increasedFare":"0"}, {"id":2,"date":"2015-11-15 23:00:00","eng":"55","bkd":"2","increasedFare":"0"}, {"id":3,"date":"2015-11-20 23:00:00","enq":"105","bkd":"9","increasedFare":"0"}, {"id":4,"date":"2015-11-25 23:00:00","eng":"55","bkd":"2","increasedFare":"0"}]

尝试在logstash中运行此操作但是我无法解析日期或获取时间戳中的日期。 以下是我得到的警告信息:

Failed parsing date from field {:field=>"[date]", :value=>"%{[date]}", :exception=>"Invalid format: \"%{[date]}\"", :config_parsers=>"YYYY-MM-dd HH:mm:ss", :config_locale=>"default=en_IN", :level=>:warn}

以下是标准输出

Logstash startup completed
{
          "message" => "{\"id\":2,\"date\":\"2015-09-15 23:00:00\",\"enq\":\"34\",\"bkd\":\"2\",\"increasedFare\":\"0\"}\r",
         "@version" => "1",
       "@timestamp" => "2015-09-15T17:30:00.000Z",
             "host" => "TCHWNG",
             "path" => "C:/Users/MISHAL/Desktop/ELK_Files/jsonTest/jt.json",
             "type" => "json",
               "id" => 2,
             "date" => "2015-09-15 23:00:00",
              "enq" => 34.0,
              "bkd" => 2.0,
    "increasedFare" => 0.0
}
{
          "message" => "{\"id\":3,\"date\":\"2015-09-20 23:00:00\",\"enq\":\"22\",\"bkd\":\"9\",\"increasedFare\":\"0\"}\r",
         "@version" => "1",
       "@timestamp" => "2015-09-20T17:30:00.000Z",
             "host" => "TCHWNG",
             "path" => "C:/Users/MISHAL/Desktop/ELK_Files/jsonTest/jt.json",
             "type" => "json",
               "id" => 3,
             "date" => "2015-09-20 23:00:00",
              "enq" => 22.0,
              "bkd" => 9.0,
    "increasedFare" => 0.0
}
{
          "message" => "{\"id\":4,\"date\":\"2015-09-25 23:00:00\",\"enq\":\"66\",\"bkd\":\"2\",\"increasedFare\":\"0\"}\r",
         "@version" => "1",
       "@timestamp" => "2015-09-25T17:30:00.000Z",
             "host" => "TCHWNG",
             "path" => "C:/Users/MISHAL/Desktop/ELK_Files/jsonTest/jt.json",
             "type" => "json",
               "id" => 4,
             "date" => "2015-09-25 23:00:00",
              "enq" => 66.0,
              "bkd" => 2.0,
    "increasedFare" => 0.0
}

试图解决这个问题两天并尝试了各种各样的事情,但我无法解决这个问题。请告诉我这里做错了什么。

0 个答案:

没有答案
相关问题
最新问题