Basic是一个浮动字段。所提到的索引在elasticsearch中不存在。当使用运行配置文件时logstash -f,我没有例外。但是,elasticsearch中反映和输入的数据显示了Basicas 的映射string。我该如何纠正?以及如何针对多个字段执行此操作?
Basic
logstash -f
string
input { file { path => "/home/sagnik/work/logstash-1.4.2/bin/promosms_dec15.csv" type => "promosms_dec15" start_position => "beginning" sincedb_path => "/dev/null" } } filter { grok{ match => [ "Basic", " %{NUMBER:Basic:float}" ] } csv { columns => ["Generation_Date","Basic"] separator => "," } ruby { code => "event['Generation_Date'] = Date.parse(event['Generation_Date']);" } } output { elasticsearch { action => "index" host => "localhost" index => "promosms-%{+dd.MM.YYYY}" workers => 1 } }
你有两个问题。首先,您的grok过滤器会在csv过滤器之前列出,并且由于应用了过滤器是为了在应用grok过滤器时不会出现要转换的“基本”字段。
其次,除非您明确允许,否则grok不会覆盖现有字段。换一种说法,
grok{ match => [ "Basic", " %{NUMBER:Basic:float}" ] }
永远是空话。指定overwrite => ["Basic"]或最好使用mutate的类型转换功能:
overwrite => ["Basic"]
mutate { convert => ["Basic", "float"] }
