随手一笔,遇到一个奇葩数据库,日期格式丰富多变,以下记录一种简单的解决方式,格式上可以作为日后的启发。
#注意两个date filter plugin即可filter { date { match => ["pzrq","yyyy-MM-dd","yyyy/MM/dd","yyyy.MM.dd","yyyy-M-d","yyyy/M/d","yyyy.M.d"] target => "pzrq" } date { match => ["yxqz","yyyy-MM-dd","yyyy/MM/dd","yyyy.MM.dd","yyyy-M-d","yyyy/M/d","yyyy.M.d"] target => "yxqz" } mutate { copy => { "id" => "[@metadata][_id]"} remove_field => [ "@version","@timestamp"] }}