Logstash: how to convert a UNIX_MS timestamp to Beijing time?

wildcat007 · 2016-12-23 11:55:00 +08:00 · 6588 views

    The log content is as follows:
    {"id":"549","msg-type":"activity","date":"1482372059180","thread-id":"628913","query-id":"16363060","user":"uuuser","priv_user":"uuuser","ip":"10.7.32.64","cmd":"show_create_table","query":"SHOW CREATE TABLE `uc_logindata`"}

    I have set up ELK, but I want to change date to Beijing time and don't know how to write the filter.

    The current filter is as follows:
    input {
      file {
        type => "mysql-audit"
        path => ["/opt/audit_logs/mysql-audit/*"]
      }
    }

    filter {
      json {
        source => "message"
        target => "json"
      }
    }

    output {
      stdout {
        codec => rubydebug
      }
      elasticsearch {
        hosts => ["172.19.11.32:9200"]
      }
    }


    The resulting output is as follows:
    {
            "path" => "/opt/audit_logs/mysql-audit/test.json",
      "@timestamp" => 2016-12-23T03:05:49.752Z,
        "@version" => "1",
            "host" => "0.0.0.0",
            "json" => {
                 "date" => "1482372059180",
             "query-id" => "16363060",
             "msg-type" => "activity",
                   "ip" => "10.7.32.64",
                "query" => "SHOW CREATE TABLE `uc_logindata`",
            "priv_user" => "uuuser",
                   "id" => "7",
                  "cmd" => "show_create_table",
                 "user" => "uuuser",
            "thread-id" => "628913"
        },
         "message" => "{\"id\":\"7\",\"msg-type\":\"activity\",\"date\":\"1482372059180\",\"thread-id\":\"628913\",\"query-id\":\"16363060\",\"user\":\"uuuser\",\"priv_user\":\"uuuser\",\"ip\":\"10.7.32.64\",\"cmd\":\"show_create_table\",\"query\":\"SHOW CREATE TABLE `uc_logindata`\"}",
            "type" => "mysql-audit",
            "tags" => []
    }
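
One way to write the filter the post asks for, as an added example that is not part of the original post: the `date` filter parses `[json][date]` as `UNIX_MS` into `@timestamp`, which Logstash and Elasticsearch always hold in UTC, so the UTC+8 rendering goes into a separate string field. The field name `[json][date_cst]` is an assumption, and the `ruby` block assumes the Logstash 5.x `event.get`/`event.set` API.

```logstash
filter {
  json {
    source => "message"
    target => "json"
  }

  # Use the audit record's own time as the event time instead of the
  # time Logstash read the line. UNIX_MS accepts epoch milliseconds.
  # On a bad value the event is tagged _dateparsefailure (the default)
  # and @timestamp keeps the ingest time.
  date {
    match  => ["[json][date]", "UNIX_MS"]
    target => "@timestamp"
  }

  # Optional display field in UTC+8. @timestamp itself stays in UTC so
  # that events from different sources still line up on one timeline.
  # [json][date_cst] is a hypothetical field name chosen for this example.
  ruby {
    code => '
      ms = event.get("[json][date]").to_s
      if ms =~ /^[0-9]+$/
        # Integer seconds plus microseconds avoids float rounding of the ms part.
        t = Time.at(ms.to_i / 1000, (ms.to_i % 1000) * 1000).utc + 8 * 3600
        event.set("[json][date_cst]", t.strftime("%Y-%m-%dT%H:%M:%S.%L+08:00"))
      end
    '
  }
}
```

Kibana displays `@timestamp` in the browser's time zone by default, so the extra field is only needed for consumers that read the stored document directly.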
    1 reply    2016-12-23 12:15:01 +08:00