Logstash: saving a JSON field directly as a date type

Time: 2016-07-27 18:36:02

Tags: elasticsearch logstash logstash-configuration

I have a JSON input

{"name":"peter", "time1": "2014-12-23 13:45:23"}
{"name":"tom", "time1": "2014-11-30 04:55:34"}

and the filter

json {
    source => "message"
}

date {
    locale => "en"
    match => ["time1", "yyyy-MM-dd HH:mm:ss"]
    timezone => "UTC"
    target => "time2"
}

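Currently, I am able to parse time1 and have time2 as a date field in Elasticsearch. However, the field time1 is still a string in Elasticsearch.

Is it possible to directly change the type of **Date** to time2 without creating time1?

1 answer:

Answer 0: (score: 0)

You can: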

date {
    locale => "en"
    match => ["time1", "yyyy-MM-dd HH:mm:ss"]
    timezone => "UTC"
    target => "time1"
}
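
A complete pipeline for trying the answer's filter locally, as an added example that is not part of the original answer. The stdin/stdout plugins and the field name `time1_raw` are assumptions chosen for illustration; the failure branch keeps an unparseable string out of a field that Elasticsearch expects to be a date.

```logstash
# Added example (not from the original answer).
# Assumptions: stdin input and stdout output for local testing;
# "time1_raw" is a hypothetical field name.
input {
  stdin { }    # paste the JSON lines from the question, one per line
}

filter {
  json {
    source => "message"
  }

  date {
    locale   => "en"
    match    => ["time1", "yyyy-MM-dd HH:mm:ss"]
    timezone => "UTC"
    target   => "time1"    # overwrite the string with the parsed timestamp
  }

  # When the date filter cannot parse the value it adds the
  # _dateparsefailure tag (its default tag_on_failure) and leaves
  # time1 as the original string. Move that string aside so the
  # date-typed field never receives a non-date value.
  if "_dateparsefailure" in [tags] {
    mutate {
      rename => { "time1" => "time1_raw" }
    }
  }
}

output {
  stdout { codec => rubydebug }    # inspect the resulting event
}
```

An index in which time1 is already mapped as a string keeps that mapping; the field only gets a date type in a newly created index or after reindexing.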