我正在制作一个logstash .conf,在我的过滤器上,我需要提取两个时间戳的工作日,但是Logstash表现得好像他只在进行一场比赛,例如:
Timestamp 1: Mar 7, 2019 @ 23:41:40.476 . => Thursday
Timestamp 2: Mar 1, 2019 @ 15:22:47.209 . => Thu
预期输出
Timestamp 1: Mar 7, 2019 @ 23:41:40.476 . => Thursday
Timestamp 2: Mar 1, 2019 @ 15:22:47.209 . => Fri
这些是我的过滤器:
date {
match => ["[system][process][cpu][start_time]", "dd-MM-YYYY HH:mm:ss", "ISO8601"]
target => "[system][process][cpu][start_time]"
add_field => {"[Weekday]" => "%{+EEEEE}"}
}
date {
match => ["[FechaPrimero]", "dd-MM-YYYY HH:mm:ss", "ISO8601"]
target => "[FechaPrimero]"
add_field => {"[WeekdayFirtsDay]" => "%{+EE}"}
}
答案 0 :(得分:1)
这是因为默认情况下%{+ EEEEE} 和%{+ EE} 考虑了 @timestamp 字段,用户输入的字段(不知道它是用文档编写的)
据我所知,唯一的方法是使用一部分红宝石代码来提取星期几,如下所示:
ruby {
code => 'event.set("Weekday", Time.parse(event.get("[system][process][cpu][start_time]").to_s).strftime("%A"))'
}
ruby {
code => 'event.set("FechaPrimero", Time.parse(event.get("FechaPrimero").to_s).strftime("%a"))'
}