Hi, I created an ingest pipeline to ingest custom logs. My pipeline with its processors looks like this:
[
  {
    "grok": {
      "field": "message",
      "patterns": [
        "\\[%{TIMESTAMP_ISO8601:timestamp}\\] %{DATA:env}\\.%{DATA:log.level}: (?<message>(.|\r|\n)*)"
      ],
      "ignore_missing": true
    }
  },
  {
    "date": {
      "field": "timestamp",
      "formats": [
        "yyyy-MM-dd'T'HH:mm:ss.SSXX"
      ],
      "target_field": "@timestamp"
    }
  },
  {
    "json": {
      "field": "message",
      "add_to_root": true,
      "ignore_failure": true
    }
  }
]
Now, when I send logs with this date format:
[2022-01-27T08:31:16.806171 00:00] local.INFO: {"request-id":"5f9c3819-97b3-4439-87ab-30c58bffd2a5","event_name":"cancel_pending_withdraw","message":"action webhook sent"}
[2022-01-27T12:31:09.972653 00:00] local.INFO: {"request-id":"6cea1e1d-8e54-4225-b7d8-5383e39690bb","event_name":"deposit_approved","message":"Triggering all action now"}
it gives this error:
{"type":"illegal_argument_exception","reason":"failed to parse date field [2022-01-27T10:22:49.234717 00:00] with format [yyyy-MM-dd'T'HH:mm:ss.SSXX]","caused_by":{"type":"date_time_parse_exception","reason":"Text '2022-01-27T10:22:49.234717 00:00' could not be parsed at index 22"}}
Can anyone help with what exactly is wrong here?
Reply from a uj5u.com user:
You can use the strict_date_optional_time_nanos date format instead, and it will work:
{
  "date": {
    "field": "timestamp",
    "formats": [
      "strict_date_optional_time_nanos"
    ],
    "target_field": "@timestamp"
  }
},
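To check the changed date processor before replaying logs, the whole pipeline can be run through the simulate API; the request body below, for POST /_ingest/pipeline/_simulate, is an added example and not part of the original posts. The sample document is constructed from the first log line in the question and assumes the offset was written as +00:00 (the page shows a space in that position).

```json
{
  "pipeline": {
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [
            "\\[%{TIMESTAMP_ISO8601:timestamp}\\] %{DATA:env}\\.%{DATA:log.level}: (?<message>(.|\r|\n)*)"
          ],
          "ignore_missing": true
        }
      },
      {
        "date": {
          "field": "timestamp",
          "formats": [
            "strict_date_optional_time_nanos"
          ],
          "target_field": "@timestamp"
        }
      },
      {
        "json": {
          "field": "message",
          "add_to_root": true,
          "ignore_failure": true
        }
      }
    ]
  },
  "docs": [
    {
      "_id": "constructed-sample-1",
      "_source": {
        "message": "[2022-01-27T08:31:16.806171+00:00] local.INFO: {\"request-id\":\"5f9c3819-97b3-4439-87ab-30c58bffd2a5\",\"event_name\":\"cancel_pending_withdraw\",\"message\":\"action webhook sent\"}"
      }
    }
  ]
}
```

Each entry in the response's docs array holds either the processed document or the error raised for it, so a timestamp that still fails to parse shows up here rather than as a rejected event at ingest time.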