【logstash】时间计算和格式化

记录

时间格式化:.strftime('%Y-%m-%d %H:%M:%S.%L')
%L:毫秒
时间计算:code => "event.set('timestamp', (event.get('timestamp').time.localtime - 8*60*60))"

input {
  # Tail one local file; each line becomes an event whose text is in "message".
  file {
   path => "/home/nxlog/test.txt"
   # "beginning" only applies to a file the plugin has not tracked before;
   # a file already recorded in sincedb resumes from its saved offset.
   start_position => "beginning"
    }  
}  

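filter {
    # Split the bracketed log line into bob_* fields. The last capture is
    # GREEDYDATA: grok patterns are not anchored at the end of the line, so a
    # trailing lazy DATA matches the empty string and bob_mydata is never filled.
    # Lines that do not match are tagged _grokparsefailure and pass through.
    grok {
        match => { "message" => "\[%{DATA:bob_logtime}\] %{DATA:bob_loglevel} \[%{DATA:bob_contextName}\]\[%{DATA:bob_thread}\]\[%{DATA:bob_flowId}\]\[%{DATA:bob_traceId}\]\[%{DATA:bob_spanId}\]\[%{DATA:bob_extend}\] %{DATA:bob_class} - %{GREEDYDATA:bob_mydata}" }
    }
    # Attach a constant "streams" value to every event.
    mutate {
        add_field => {
            "streams" => ["5e8456c8df8b291d662c4638"]
        }
    }
    # Parse the captured log time into a timestamp object stored in "timestamp"
    # (not in @timestamp, which keeps the ingest time).
    date {
        match => ["bob_logtime", "yyyy-MM-dd HH:mm:ss.SSS"]
        target => "timestamp"
    }
    # Time calculation + formatting: shift the parsed time back by 8 hours and
    # replace the field with a millisecond-precision string (%L = milliseconds).
    # NOTE(review): the fixed 8*60*60 offset presumably compensates for a UTC+8
    # host; confirm, since the result depends on the Logstash host's time zone.
    # The date filter's `timezone` option is the usual way to state the source zone.
    # The nil guard skips events where grok or date failed, so a malformed or
    # unexpected line does not raise inside the ruby filter.
    ruby {
        code => "ts = event.get('timestamp'); event.set('timestamp', (ts.time.localtime - 8*60*60).strftime('%Y-%m-%d %H:%M:%S.%L')) unless ts.nil?"
    }
    # Rename fields for the target schema and drop the ones that are not needed.
    mutate {
        rename => ["@timestamp", "_time"]
        rename => ["host", "source"]
        remove_field => ["path"]
        remove_field => ["@version"]
    }
}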


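output {
    # Debug sink: prints every event to the console. Remove it once the
    # pipeline is verified, because it copies all log content to stdout.
    stdout {
        codec => rubydebug
    }
    elasticsearch {
        # No scheme is given, so events and the basic-auth credentials travel over
        # plain HTTP. Use an https:// URL with certificate verification when the
        # cluster has TLS enabled.
        hosts => "192.168.113.99:9200"
        index => "sq_1"
        document_type => "message"
        # Credentials are resolved at startup from the Logstash keystore or the
        # process environment instead of being stored in the pipeline file.
        # ES_USER / ES_PWD are placeholder names (constructed for this example);
        # add them with `bin/logstash-keystore add ES_USER` and
        # `bin/logstash-keystore add ES_PWD`.
        # Use a dedicated account whose role can only write to this index, not the
        # built-in "elastic" superuser, and never a password equal to the user name.
        user => "${ES_USER}"
        password => "${ES_PWD}"
    }
}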