我正在尝试使用logstash和filebeats将日志获取到Kibana。我需要从日志文件中获取日志时间。然而,kibana并不将数据和时间(在日志中(作为日期时间。相反,in采用字符串形式,并且无法更改格式。我一直在尝试不同的时间格式,但没有成功。感谢你的帮助以下是配置。
logstash过滤器
filter {
grok {
match => {
"message" => "(?application_[^/])[^ ] [%{TIMESTAMP_ISO8601:logTime}] %{LOGLEVEL:logLevel} %{GREEDYDATA:LogMessage}" }
}
}
样本日志
/yarn/container-logs/application_1621858977521_0151/container_1621858977521_0151_01_000004 [2021-06-28 02:38:10,542] INFO Started daemon with process name: 7796@slave1 (org.apache.spark.executor.CoarseGrainedExecutorBackend)
/yarn/container-logs/application_1621858977521_0151/container_1621858977521_0151_01_000004 [2021-06-28 02:38:10,547] INFO Registered signal handler for TERM (org.apache.spark.util.SignalUtils)
/yarn/container-logs/application_1621858977521_0151/container_1621858977521_0151_01_000004 [2021-06-28 02:38:10,548] INFO Registered signal handler for HUP (org.apache.spark.util.SignalUtils)
只需将logTime重命名为timestamp
filter {
grok {
match => {
"message" => "(?application_[^/])[^ ] [%{TIMESTAMP_ISO8601:timestamp}] %{LOGLEVEL:logLevel} %{GREEDYDATA:LogMessage}" }
}
}