我们在csv文件中提供了来自外部来源的数据,如下所示:
orderid,OrderDate,BusinessMinute,Quantity,Price 31874,01-01-2013,00:06,2,17.9
数据date在一个列中并且time在另一列中-我需要通过将这两列组合在一起来生成时间戳。
date
time
我正在使用csv filterlogstash中的以下配置从文件读取以上数据-这将生成自己的时间戳:
csv filter
input { file { path => "/root/data/import/Order.csv" start_position => "beginning" } } filter { csv { columns => ["orderid","OrderDate","BusinessMinute","Quantity","Price"] separator => "," } } output { elasticsearch { action => "index" host => "localhost" index => "demo" workers => 1 } }
如何使OrderDate + Business Minuteas作为组合@timestamp?
OrderDate + Business Minute
@timestamp
使用mutate过滤器将OrderDate和BusinessMinute字段组合为单个(临时)字段,然后使用日期过滤器,如果成功,则将其删除。
filter { mutate { add_field => { "timestamp" => "%{OrderDate} %{BusinessMinute}" } } date { match => ["timestamp", "..."] remove_field => ["timestamp"] } }
