我收到这个错误"没有找到[@timestamp]的映射以便对logstash"进行排序;
我的conf文件
input { elasticsearch {
hosts => ["localhost"]
index => "employees_data"
query => '{ "query": { "match_all": { } } }'
scroll => "5m"
docinfo => true}}filter {elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}
这是因为elasticsearch过滤器插件的sort参数。如果未指定,则默认为@timestamp:desc,并且您可能没有该字段。
只需进行以下更改,您就可以开始了:
filter {
elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
sort => "code:asc" <--- add this line
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"
}
}
}