After spending half a day on this already :-( I don't care which filter is used as long as it works.
我正在记录设置了字段时间戳的JSON事件 .
如何使用 event['timestamp'] 中的可用值覆盖 Time 列中显示的值?我对logline到达logstash时不感兴趣,我希望看到它何时发布 .
logstash.conf #1
filter { ruby { code => " event[@metadata][timestamp] = event['timestamp'] " } }
logstash.conf #2
filter { ruby { code => " event[@timestamp] = event['timestamp'] " } }
logstash.conf #3
filter { ruby { code => " event.set('[@metadata][timestamp]', event['timestamp']) " } }
所有三次尝试都失败并导致以下输出 .
Kibana:
如你所见 Time 与 timestamp 不匹配 .