已经实现logstash @timestamp转换为本地时间,为什么输出保存为文件时还是以早上八点为分割?
Logstash | 作者 juneryang | 发布于2017年09月08日 | 阅读数:4704
input {
beats {
port => "5043"
}
}
filter {
ruby {
code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60); event.set('@timestamp', event.get('timestamp'))"
}
mutate {
remove_field => "offset"
remove_field => "@version"
remove_field => "input_type"
remove_field => "beat"
remove_field => "host"
remove_field => "source"
remove_field => "type"
remove_field => "day"
remove_field => "tags"
remove_field => "timestamp"
}
}
output {
file{
codec => line {format => "%{message}"}
path => "/home/logstash/elk/data/logstash/test.%{+YYYY-MM-dd}"
}
}
beats {
port => "5043"
}
}
filter {
ruby {
code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60); event.set('@timestamp', event.get('timestamp'))"
}
mutate {
remove_field => "offset"
remove_field => "@version"
remove_field => "input_type"
remove_field => "beat"
remove_field => "host"
remove_field => "source"
remove_field => "type"
remove_field => "day"
remove_field => "tags"
remove_field => "timestamp"
}
}
output {
file{
codec => line {format => "%{message}"}
path => "/home/logstash/elk/data/logstash/test.%{+YYYY-MM-dd}"
}
}
0 个回复