我已经在Elasticsearch中使用多个日期字段创建了一个索引,并将该列的格式设置为yyyy-mm-dd HH:mm:ss。最终,我发现日期格式不正确,并且在字段中填充了错误的数据。该索引有60万条记录,我不想留下任何数据。现在,我需要使用与YYYY-MM-ddTHH:mm:ss.Z相同的日期字段和格式创建另一个字段或新索引,并且需要将所有记录填充到新索引或新字段中。
我使用了以下日期处理器管道。但是失败了。纠正我这里有什么问题。
PUT _ingest/pipeline/date-malform
{
"description": "convert malformed date to timestamp",
"processors": [
{
"date": {
"field": "event_tm",
"target_field" : "event_tm",
"formats" : ["YYYY-MM-ddThh:mm:ss.Z"]
"timezone" : "UTC"
}
},
{
"date": {
"field": "vendor_start_dt",
"target_field" : "vendor_start_dt",
"formats" : ["YYYY-MM-ddThh:mm:ss.Z"]
"timezone" : "UTC"
}
},
{
"date": {
"field": "vendor_end_dt",
"target_field" : "vendor_end_dt",
"formats" : ["YYYY-MM-ddThh:mm:ss.Z"]
"timezone" : "UTC"
}
}
]
}
我已经创建了管道并按如下所示使用了重新索引
POST _reindex
{
"source": {
"index": "tog_gen_test"
},
"dest": {
"index": "data_mv",
"pipeline": "some_ingest_pipeline",
"version_type": "external"
}
}
运行重新索引时出现以下错误
"failures": [
{
"index": "data_mv",
"type": "_doc",
"id": "rwN64WgB936y_JOyjc57",
"cause": {
"type": "exception",
"reason": "java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: unable to parse date [2019-02-12 10:29:35]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "java.lang.IllegalArgumentException: unable to parse date [2019-02-12 10:29:35]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "unable to parse date [2019-02-12 10:29:35]",
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Illegal pattern component: T"
}
}
答案 0 :(得分:0)
答案 1 :(得分:0)
您可以像Shailesh Pratapwar建议的那样使用logstash,但是您也可以选择使用elasticsearch reindex + ingest来执行相同操作:
使用适当的日期处理器创建提取管道,以修正日期格式/操作:https://www.elastic.co/guide/en/elasticsearch/reference/master/date-processor.html
通过日期操作将数据从旧索引重新索引到新索引。来自:https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html
Reindex还可以通过指定管道来使用Ingest Node功能