我正在尝试将三列合并为两个新字段
示例: Job_Date 6 \ 5 \ 2019 Job_Start_Time 0:00 Job_End_Time 0:00
进入新字段: timestamp_start 6/5/2019,0:00 timestamp_end 6/5/2019,0:00
正在创建新字段,但是下面出现了解析错误。
{
"@timestamp" => 2019-06-22T21:08:20.370Z,
"Warning" => 60,
"path" => "/Users/*******/Desktop/Logstash-Files/ax_batch_performance_test_new.csv",
"message" => "job",6/4/2019,13:45,13:45,6,120,60,15\r",
"tags" => [
[0] "_dateparsefailure"
],
"host" => "host",
"Job_Duration" => 6,
"timestamp_end" => "6/4/2019 13:45",
"Job_Start_Time" => "13:45",
"Critical" => 120,
"@version" => "1",
"Job_End_Time" => "13:45",
"Job_Date" => "6/4/2019",
"timestamp_start" => "6/4/2019 13:45",
"Target" => 15,
"Job_Name" => "job name"
我正在运行Logstash版本7.1.1。我尝试在date插件内外运行mutate命令。...如果有问题,我仍在学习。
我已经成功解析了完全像这样的日期格式,但是没有通过创建新字段并将数据和时间组合在一起来解析日期格式。
filter{
csv {
separator => ","
columns => ["Job_Name", "Job_Date", "Job_Start_Time", "Job_End_Time", "Job_Duration", "Critical", "Warning", "Target"]
}
mutate {convert => ["Job_Duration", "integer"]}
mutate {convert => ["Critical", "integer"]}
mutate {convert => ["Warning", "integer"]}
mutate {convert => ["Target", "integer"]}
mutate { add_field => {"timestamp_start" => "%{Job_Date} %{Job_Start_Time}"}}
mutate { add_field => {"timestamp_end" => "%{Job_Date} %{Job_End_Time}"}}
date {
match => ["timestamp_start", "M/d/yyyy, HH:MM"]
timezone => "UTC"
}
date {
match => ["timestamp_end", "M/d/yyyy, HH:MM"]
timezone => "UTC"
}
}
我希望将日期和时间解析为日期并放入@timestamp中。