将CSV发送到influxDB

Question

我有一个不错的PowerShell脚本，用于获取事件日志并将其导出为CSV，然后打算将其解析为influxDB，并且尝试了几种方法。其中是：

• 通过PowerShell流写入Telegraf。可以发送包裹，但我认为包裹中什么也没有，因为我头上有些文本编码方式。

通过API

• POST查询。

• 第三方程序（尽管它们是Syslog专用的，并且也没有帮助）。

我现在发现一个Python script on Github可以将CSV文件发送到我的Influx服务器，这很完美，而且看起来像是可以正常工作，但事实是它给我带来了时间戳错误。 尽管此Python脚本确实确实可以连接并可以创建数据库，但事件日志中的时间戳似乎有问题，即使我在CSV文件本身中手动将其更改为默认时间戳，它仍然会抱怨： / p>

python.exe : Traceback (most recent call last):
At line:1 char:1
+ python.exe .\csv-to-influx\csv-to-influxdb.py `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

  File ".\csv-to-influx\csv-to-influxdb.py", line 175, in 
    args.timezone)
  File ".\csv-to-influx\csv-to-influxdb.py", line 68, in loadCsv
    for row in reader:
  File "C:\Users\alexander.hansen\AppData\Local\Programs\Python\Python37-32\lib\csv.py", line 111, in __next__
    self.fieldnames
  File "C:\Users\alexander.hansen\AppData\Local\Programs\Python\Python37-32\lib\csv.py", line 98, in fieldnames
    self._fieldnames = next(self.reader)
_csv.Error: line contains NULL byte

当尝试使用Py脚本插入这1行CSV时出现：

EntryType,"TimeGenerated","Source","EventID","MachineName","Message"
Warning,"2019-07-03 13:27:03","Group Policy Local Users and Groups","4098","Hostname","The computer 'admin' preference item in the ---' Group Policy Object did not apply because it failed with error code '0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.' This error was suppressed."

我希望能够真正了解问题所在，但我不确定。 CSV看起来应该是应该的吗？

Answer 1

我发现有一个增强的csv输出可以大量涌入。 https://github.com/Bugazelle/export-csv-to-influx

安装方式：pip install ExportCsvToInflux

export_csv_to_influx \
--csv test.csv \
--dbname test \
--measurement sample \
--tag_columns EntryType,Source,MachineName \
--field_columns EntryType,Source,EventID,MachineName,Message \
--time_column TimeGenerated \
--user admin \
--password admin \
--server 127.0.0.1:8086

以下是涌入数据：

> use test
Using database test
> select * from sample
name: sample
time                EntryType EntryType_1 EventID MachineName MachineName_1 Message                                                                                                                                                                                                                                                                               Source                              Source_1
----                --------- ----------- ------- ----------- ------------- -------                                                                                                                                                                                                                                                                               ------                              --------
1562160423000000000 Warning   Warning     4098    Hostname    Hostname      The computer 'admin' preference item in the ---' Group Policy Object did not apply because it failed with error code '0x8007052a This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon.' This error was suppressed. Group Policy Local Users and Groups Group Policy Local Users and Groups
>