记录
时间格式化:.strftime('%Y-%m-%d %H:%M:%S.%L')
%L:毫秒
时间计算:code => "event.set('timestamp', (event.get('timestamp').time.localtime - 8*60*60))"
input {
  # Tail a single local file; reading from the beginning ensures existing lines
  # are ingested on first start (subsequent runs resume from the sincedb offset).
  file {
    start_position => "beginning"
    path => "/home/nxlog/test.txt"
  }
}
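filter {
  # Split one log line into the bob_* fields.
  # DATA expands to the non-greedy .*?; as the last element of the pattern it
  # matched the empty string, so bob_mydata (the actual message text) was always
  # empty. GREEDYDATA captures the remainder of the line instead.
  # NOTE(review): the pattern is unanchored; if every line starts with "[",
  # prefixing it with ^ lets grok reject non-matching lines quickly — confirm
  # against real log samples before changing.
  grok {
    match => { "message" => "\[%{DATA:bob_logtime}\] %{DATA:bob_loglevel} \[%{DATA:bob_contextName}\]\[%{DATA:bob_thread}\]\[%{DATA:bob_flowId}\]\[%{DATA:bob_traceId}\]\[%{DATA:bob_spanId}\]\[%{DATA:bob_extend}\] %{DATA:bob_class} - %{GREEDYDATA:bob_mydata}" }
  }

  # Static routing field; presumably a downstream stream identifier — verify
  # against the consuming system.
  mutate {
    add_field => {
      "streams" => ["5e8456c8df8b291d662c4638"]
    }
  }

  # Parse the bracketed log time into a Timestamp stored in "timestamp"
  # (@timestamp is left untouched). No "timezone" is given, so the value is
  # interpreted in the Logstash host's platform time zone.
  date {
    match => ["bob_logtime", "yyyy-MM-dd HH:mm:ss.SSS"]
    target => "timestamp"
  }

  # Convert "timestamp" to local time, shift it back by 8 hours and store the
  # result as a formatted string (%L = milliseconds). The fixed 8*60*60 offset
  # only yields UTC when the host runs at UTC+8 — TODO confirm; setting
  # timezone => "Asia/Shanghai" on the date filter above and using .time.utc
  # here would remove the dependency on the host's zone.
  ruby {
    code => "event.set('timestamp', (event.get('timestamp').time.localtime - 8*60*60).strftime('%Y-%m-%d %H:%M:%S.%L'))"
  }

  # Rename the Logstash-standard fields to the names the index expects and drop
  # bookkeeping fields that are not needed downstream.
  mutate {
    rename => ["@timestamp", "_time"]
    rename => ["host", "source"]
    remove_field => ["path", "@version"]
  }
}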
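output {
  # Debug sink: prints every event with all of its fields to stdout. Disable once
  # the pipeline is verified; every record is duplicated to the console otherwise.
  stdout {
    codec => rubydebug
  }

  elasticsearch {
    # Single node over plain HTTP (no scheme given, no TLS). If the cluster has
    # TLS enabled, set ssl => true and point cacert at the cluster CA.
    hosts => ["192.168.113.99:9200"]
    index => "sq_1"
    # document_type is deprecated for Elasticsearch 7 and rejected by 8; remove
    # it when the target cluster is upgraded.
    document_type => "message"
    # Credentials are resolved from the Logstash keystore
    # (bin/logstash-keystore add ES_PASSWORD) or the environment rather than
    # being stored in plaintext in this file; ES_USER falls back to "elastic"
    # when unset, the password has no default on purpose.
    user => "${ES_USER:elastic}"
    password => "${ES_PASSWORD}"
  }
}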