按数据列提供的日期每天的Logstash配置输出索引

Question

我的数据上有一列，其列上的记录日期为yyyy-MM-dd HH:mm:ss格式。我想每天为我的数据建立索引，但是我不确定如何在索引名称上附加不同的日期格式，例如measurements-yyyy-mm-dd不带HH:mm:ss

input {
    file {
        path => "/measurements.txt"
        start_position => "beginning"
        sincedb_path => "/dev/null"
    }
}
filter {
    csv {
        separator => ","
        columns => ["id", "recorded_date", "unit", "Description", "CostPerUnit"]
    }

    date {
        match => [ "recorded_date", "yyyy-MM-dd HH:mm:ss" ]
        source => "@timestamp"
    }

    date {
        match => [ "recorded_date", "yyyy-MM-dd HH:mm:ss" ]
        source => "log_day"
    }

    date_formatter {
        source => "log_day"
        pattern => "YYYY-MM-dd"
    }

    mutate {convert => ["ChannelId", "integer"]}
    mutate {convert => ["NumberOfUnits", "float"]}
    mutate {convert => ["IsOpen", "integer"]}
    mutate {convert => ["CostPerUnit", "float"]}
}

output {
    elasticsearch{
        hosts => "localhost:9200"
        index => "measurements-%{log_day}"
        document_type => "measurements"
    }
    stdout {}
}
`

I should have a list of indexes with names like the following:
- measurements-2009-04-01
- measurements-2009-04-02

Answer 1

为什么不使用grok或dissect 之前将 recorded_date 转换为日期？

有了解剖，就容易多了：

dissect {
  mapping => {
    "recorded_date" => "%{log_day} %{}"
  }
}