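I am trying to get a pipeline containing grok, date and remove processors, but even though I explicitly specified the field "message" according to the documentation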
GET _ingest/pipeline/_simulate
{
  "pipeline" : {
    "processors" : [
      {
        "grok" : {
          "field" : "message",
          "pattern" : "%{COMMONAPACHELOG}"
        }
      },
      {
        "date" : {
          "match_field" : "timestamp",
          "match_formats" : ["dd/MMM/YYYY:HH:mm:ss Z"]
        }
      },
      {
        "remove" : {
          "field" : "message"
        }
      }
    ]
  },
  "docs" : [
    {
      "_source" : {
        "message" : "52.35.38.35 -- [19/Apr/2016:12:00:04 +0200] \"GET/ HTTP/1.1\" 200 24"
      },
      "_index" : "indexer"
    }
  ]
}
I get this error, please help:
{
  "error" : {
    "root_cause" : [
      {
        "type" : "parse_exception",
        "reason" : "[patterns] required property is missing",
        "property_name" : "patterns",
        "processor_type" : "grok",
        "suppressed" : [
          {
            "type" : "parse_exception",
            "reason" : "[field] required property is missing",
            "property_name" : "field",
            "processor_type" : "date"
          }
        ]
      }
    ],
    "type" : "parse_exception",
    "reason" : "[patterns] required property is missing",
    "property_name" : "patterns",
    "processor_type" : "grok",
    "suppressed" : [
      {
        "type" : "parse_exception",
        "reason" : "[field] required property is missing",
        "property_name" : "field",
        "processor_type" : "date"
      }
    ]
  },
  "status" : 400
}
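I tried looking for a video on YouTube and found someone with the same code, and it ran fine. This is the video: https://www.youtube.com/watch?v=PEHnBa19Gxs&t=1s, at the 34-minute mark.
It works in the YouTube video because that is on an older version. This will work on newer versions: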
GET _ingest/pipeline/_simulate
{
  "pipeline" : {
    "processors" : [
      {
        "grok" : {
          "field" : "message",
          "patterns" : ["%{COMMONAPACHELOG}"]
        }
      },
      {
        "date" : {
          "field" : "timestamp",
          "formats" : ["dd/MMM/YYYY:HH:mm:ss Z"]
        }
      },
      {
        "remove" : {
          "field" : "message"
        }
      }
    ]
  },
  "docs" : [
    {
      "_source" : {
        "message" : "52.35.38.35 - - [19/Apr/2016:12:00:04 +0200] \"GET/ HTTP/1.1\" 200 24"
      },
      "_index" : "indexer"
    }
  ]
}
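An added example (not part of the original answer, and not Elasticsearch code): a Python sketch that applies the key renames shown between the two requests above to a pipeline definition, and lists every missing property from a `_simulate` error body, including the nested "suppressed" entries. The names `RENAMES`, `upgrade_pipeline` and `missing_properties` are assumptions made for this illustration; the rename table covers only the keys that appear on this page.

```python
import copy

# Old key -> (new key, wrap a single value in a list?), taken from the two
# requests on this page. The remove processor is unchanged.
RENAMES = {
    "grok": {"pattern": ("patterns", True)},
    "date": {"match_field": ("field", False),
             "match_formats": ("formats", False)},
}

# Constructed sample: the processors from the failing request above.
OLD_PIPELINE = {"processors": [
    {"grok": {"field": "message", "pattern": "%{COMMONAPACHELOG}"}},
    {"date": {"match_field": "timestamp",
              "match_formats": ["dd/MMM/YYYY:HH:mm:ss Z"]}},
    {"remove": {"field": "message"}},
]}

def upgrade_pipeline(pipeline):
    """Return (upgraded copy, list of changes); the input is not modified."""
    upgraded, changes = copy.deepcopy(pipeline), []
    for i, processor in enumerate(upgraded.get("processors", [])):
        for ptype, config in processor.items():
            for old, (new, as_list) in RENAMES.get(ptype, {}).items():
                if old not in config:
                    continue
                if new in config:  # ambiguous: refuse to guess which wins
                    raise ValueError(f"processors[{i}].{ptype} has {old} and {new}")
                value = config.pop(old)
                config[new] = [value] if as_list and not isinstance(value, list) else value
                changes.append(f"processors[{i}].{ptype}: {old} -> {new}")
    return upgraded, changes

def missing_properties(response):
    """(processor_type, property_name) pairs from a _simulate error body,
    following the nested "suppressed" entries as well as the first error."""
    found = []
    def walk(node):
        if "property_name" in node:
            found.append((node.get("processor_type"), node["property_name"]))
        for child in node.get("suppressed", []):
            walk(child)
    walk(response["error"])
    return found

if __name__ == "__main__":
    new_pipeline, log = upgrade_pipeline(OLD_PIPELINE)
    print("\n".join(log))
    print(new_pipeline)
```

Walking "suppressed" matters here because the top-level reason in the error names only the grok problem, while the date processor's missing `field` is reported one level down.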