随手一笔,遇到一个奇葩数据库,日期格式丰富多变,以下记录一种简单的解决方式,格式上可以作为日后的启发。
#注意两个date filter plugin即可
filter {
date {
match => ["pzrq","yyyy-MM-dd","yyyy/MM/dd","yyyy.MM.dd","yyyy-M-d","yyyy/M/d","yyyy.M.d"]
target => "pzrq"
}
date {
match => ["yxqz","yyyy-MM-dd","yyyy/MM/dd","yyyy.MM.dd","yyyy-M-d","yyyy/M/d","yyyy.M.d"]
target => "yxqz"
}
mutate {
copy => { "id" => "[@metadata][_id]"}
remove_field => [ "@version","@timestamp"]
}
}
