按数据列提供的日期每天的Logstash配置输出索引

时间:2019-05-20 23:43:12

标签: docker elasticsearch logstash

我的数据上有一列,其列上的记录日期为yyyy-MM-dd HH:mm:ss格式。我想每天为我的数据建立索引,但是我不确定如何在索引名称上附加不同的日期格式,例如measurements-yyyy-mm-dd不带HH:mm:ss 

input {
    file {
        path => "/measurements.txt"
        start_position => "beginning"
        sincedb_path => "/dev/null"
    }
}
filter {
    csv {
        separator => ","
        columns => ["id", "recorded_date", "unit", "Description", "CostPerUnit"]
    }

    date {
        match => [ "recorded_date", "yyyy-MM-dd HH:mm:ss" ]
        source => "@timestamp"
    }

    date {
        match => [ "recorded_date", "yyyy-MM-dd HH:mm:ss" ]
        source => "log_day"
    }

    date_formatter {
        source => "log_day"
        pattern => "YYYY-MM-dd"
    }

    mutate {convert => ["ChannelId", "integer"]}
    mutate {convert => ["NumberOfUnits", "float"]}
    mutate {convert => ["IsOpen", "integer"]}
    mutate {convert => ["CostPerUnit", "float"]}
}

output {
    elasticsearch{
        hosts => "localhost:9200"
        index => "measurements-%{log_day}"
        document_type => "measurements"
    }
    stdout {}
}
`

I should have a list of indexes with names like the following:
- measurements-2009-04-01
- measurements-2009-04-02

1 个答案:

答案 0 :(得分:0)

为什么不使用grokdissect 之前 recorded_date 转换为日期?

有了解剖,就容易多了:

dissect {
  mapping => {
    "recorded_date" => "%{log_day} %{}"
  }
}
相关问题
最新问题