logstash с датой массива

Question

logstash с датой массива

Я пытаюсь загрузить CSV-файл в logstash, где у меня есть поле dateaaray. мой образец CSV-файла -

d1,1,2017/09/27 10:00:00,2017/09/27 10:06:00,6,"2017/09/27 10:00:00,2017/09/27 10:01:00,2017/09/27 10:02:00,2017/09/27 10:03:00,2017/09/27 10:04:00,2017/09/27 10:05:00,2017/09/27 10:06:00"
d2,2,2017/09/27 10:38:00,2017/09/27 10:45:00,7,"2017/09/27 10:38:00,2017/09/27 10:39:00,2017/09/27 10:40:00,2017/09/27 10:41:00,2017/09/27 10:42:00,2017/09/27 10:43:00,2017/09/27 10:44:00,2017/09/27 10:45:00"
d3,3,2017/09/27 11:15:00,2017/09/27 11:22:00,7,"2017/09/27 11:15:00,2017/09/27 11:16:00,2017/09/27 11:17:00,2017/09/27 11:18:00,2017/09/27 11:19:00,2017/09/27 11:20:00,2017/09/27 11:21:00,2017/09/27 11:22:00"
d4,3,2017/09/28 10:00:00,2017/09/28 10:06:00,6,"2017/09/28 10:00:00,2017/09/28 10:01:00,2017/09/28 10:02:00,2017/09/28 10:03:00,2017/09/28 10:04:00,2017/09/28 10:05:00,2017/09/28 10:06:00"
d5,4,2017/09/28 10:38:00,2017/09/28 10:45:00,7,"2017/09/28 10:38:00,2017/09/28 10:39:00,2017/09/28 10:40:00,2017/09/28 10:41:00,2017/09/28 10:42:00,2017/09/28 10:43:00,2017/09/28 10:44:00,2017/09/28 10:45:00"
d6,5,2017/09/28 11:15:00,2017/09/28 11:22:00,7,"2017/09/28 11:15:00,2017/09/28 11:16:00,2017/09/28 11:17:00,2017/09/28 11:18:00,2017/09/28 11:19:00,2017/09/28 11:20:00,2017/09/28 11:21:00,2017/09/28 11:22:00"

и мой файл конфигурации logstash -

input {
    file {
    path => "E:\Local_Elasticsearch\logstashv5\datetesting/*.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null" 
    }
}

filter {
    csv {
        separator => ","
        columns  => ["name","uid","startdate","enddate","duration","datelist"]

    }
    mutate {convert =>[uid , "integer"]}
    mutate {convert =>[duration , "integer"]}

      date {
      match => [ "startdate", "ISO8601", "YYYY/MM/dd HH:mm:ss","YYYY/MM/dd HH:mm" ]
      target => "startdate"
      locale => "en"
      timezone => "Asia/Dubai"
    }

      date {
      match => [ "enddate", "ISO8601", "YYYY/MM/dd HH:mm","YYYY/MM/dd HH:mm:s" ]
      target => "enddate"
      locale => "en"
      timezone => "Asia/Dubai"
    }

      date {
      match => [ "datelist", "ISO8601", "YYYY/MM/dd HH:mm","YYYY/MM/dd HH:mm:s" ]
      target => "datelist"
      locale => "en"
      timezone => "Asia/Dubai"
    }
  }

output {
    elasticsearch {
        hosts => "localhost"
        index => "datelisti"
    }
    stdout{}

}

но в кибане мое поле списка дат хранится как строковое поле, как я могу иметь это поле в качестве datearray .

0

elasticsearch logstash kibana logstash-configuration

Источник

user901188 28 сен '17 в 10:26

0 ответов

Другие вопросы по тегам elasticsearch logstash kibana logstash-configuration