logstash 如何将时间戳 UNIX_MS 转化为北京时间?
2016-12-23 11:55:00 +08:00
wildcat007
日志内容如下
{"id":"549","msg-type":"activity","date":"1482372059180","thread-id":"628913","query-id":"16363060","user":"uuuser","priv_user":"uuuser","ip":"10.7.32.64","cmd":"show_create_table","query":"SHOW CREATE TABLE `uc_logindata`"}
搭建 elk ,但是想把 date 改成北京时间,不知道 filter 如何去写?
目前的 filter 格式如下
input {
file {
type => "mysql-audit"
path => ["/opt/audit_logs/mysql-audit/*"]
}
}
filter{
json {
source => "message"
target => "json"
}
}
output {
stdout {
codec => rubydebug
}
elasticsearch {
hosts => ["172.19.11.32:9200"]
}
}
输出后的结果如下
{
"path" => "/opt/audit_logs/mysql-audit/test.json",
"@timestamp" => 2016-12-23T03:05:49.752Z,
"@version" => "1",
"host" => "0.0.0.0",
"json" => {
"date" => "1482372059180",
"query-id" => "16363060",
"msg-type" => "activity",
"ip" => "10.7.32.64",
"query" => "SHOW CREATE TABLE `uc_logindata`",
"priv_user" => "uuuser",
"id" => "7",
"cmd" => "show_create_table",
"user" => "uuuser",
"thread-id" => "628913"
},
"message" => "{\"id\":\"7\",\"msg-type\":\"activity\",\"date\":\"1482372059180\",\"thread-id\":\"628913\",\"query-id\":\"16363060\",\"user\":\"uuuser\",\"priv_user\":\"uuuser\",\"ip\":\"10.7.32.64\",\"cmd\":\"show_create_table\",\"query\":\"SHOW CREATE TABLE `uc_logindata`\"}",
"type" => "mysql-audit",
"tags" => []
}
1 条回复
Had
2016-12-23 12:15:01 +08:00
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
https://www.v2ex.com/t/329635
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.