如何通过logstash添加字段

时间:2017-10-10 08:07:48

标签: logstash logstash-grok logstash-configuration

我想插入以下字段:

"date": {
"type": "date",
"format": "YYYY-MM-DD HH:mm:ss,SSS"
}

在我的Logstash配置中,我尝试了以下操作:

grok {
  patterns_dir => "/etc/logstash/conf.d/patterns"
  match => { "message" => "%{USERACTIVITY}" }
}
mutate {
  add_field => {
    "type" => "date" 
    "format" => "%{date}" 
  }
}

mutate {
  add_field => {
    "timestamp" => "{ %{type} , %{fomat} }"
  }
}

但它不起作用。是否可以从exitsting添加键值对?

1 个答案:

答案 0 :(得分:0)

尝试,

mutate {
  add_field => {
    "type" => "date" 
    "format" => "%{[date][format]}" 
  }
}
相关问题
最新问题