我试图在json
的嵌套日期字段中使用日期过滤器json片段:
"_source": {
"QueryResult": {
"Results": [
{
"CreationDate": "2016-12-13T05:37:11.953Z",
过滤配置:
filter {
date {
match => [ "[QueryResult][Results][CreationDate]", "ISO8601" ]
}
}
以下错误导致失败:
[2017-01-05T19:40:44,575][ERROR][logstash.pipeline ] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash. {"exception"=>java.lang.NumberFormatException: For input string: "CreationDate", "backtrace"=>["java.lang.
NumberFormatException.forInputString(java/lang/NumberFormatException.java:65)", "java.lang.Integer.parseInt(java/lang/Integer.java:580)", "java.lang.Integer.parseInt(java/lang/Integer.java:615)", "org.logstash.Accessors.fetch(org/logstash/Accessors.java:130)", "org.logstash.Accessors.get(org/logstas
h/Accessors.java:20)", "org.logstash.Event.getUnconvertedField(org/logstash/Event.java:160)", "org.logstash.Event.getField(org/logstash/Event.java:150)", "org.logstash.filters.DateFilter.executeParsers(org/logstash/filters/DateFilter.java:97)", "org.logstash.filters.DateFilter.receive(org/logstash/f
ilters/DateFilter.java:78)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:497)", "RUBY.multi_filter(/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-date-3.1.1/lib/logstash/filters/date.rb:191)", "RUBY.multi_filter(/usr/share/logstash/logstash-core/lib/logstash/filt
er_delegator.rb:41)", "RUBY.filter_func((eval):42)", "LogStash::Pipeline.filter_batch(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:295)", "LogStash::Pipeline.filter_batch(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:295)", "org.jruby.RubyProc.call(org/jruby/RubyProc.java:
281)", "LogStash::Util::WrappedSynchronousQueue::ReadBatch.each(/usr/share/logstash/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:192)", "LogStash::Util::WrappedSynchronousQueue::ReadBatch.each(/usr/share/logstash/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:192)", "or
g.jruby.RubyHash.each(org/jruby/RubyHash.java:1342)", "LogStash::Util::WrappedSynchronousQueue::ReadBatch.each(/usr/share/logstash/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:191)", "LogStash::Util::WrappedSynchronousQueue::ReadBatch.each(/usr/share/logstash/logstash-core/lib/logsta
sh/util/wrapped_synchronous_queue.rb:191)", "LogStash::Pipeline.filter_batch(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:294)", "LogStash::Pipeline.filter_batch(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:294)", "RUBY.worker_loop(/usr/share/logstash/logstash-core/lib/lo
gstash/pipeline.rb:282)", "RUBY.start_workers(/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:258)", "java.lang.Thread.run(java/lang/Thread.java:745)"]}
我现在已经试图解决这个问题几天,但没有运气。
我尝试按照建议@ Access nested JSON Field in Logstash删除编解码器:json,并按建议@ 0 Parsing a date field in logstash to elastic search和Nested field access in date filter
检查日期格式基于上面的帖子,我尝试了下面的过滤器片段,但仍然遇到了同样的错误:
date {
match => [ "[QueryResult][Results][CreationDate]",
"UNIX",
"UNIX_MS",
"ISO8601",
"timestamp",
"yyyy-MM-dd HH:mm:ss.SSS",
"yyyy-MM-dd HH:mm:ss,SSS",
"yyyy-MM-dd HH:mm:ss",
"yyyy/MM/dd HH:mm:ss",
"MMM d HH:mm:ss",
"MMM dd HH:mm:ss",
"dd/MMM/yyyy:HH:mm:ss Z",
"yyyy-MM-dd HH:mm:ss.SSSZ",
"yyyy-MM-dd'T'HH:mm:ss.SSSZ",
"yyyy-MM-dd'T'HH:mm:ssZ",
"E MMM dd HH:mm:ss yyyy Z" ]
target => "timestamp"
}
任何帮助/线索将不胜感激。