ue.log,这个ue.log是用的monolog的LogstashFormatter类输出的,所以格式如下了
{"@timestamp":"2016-08-08T00:00:14.003614+08:00","@source":"i-lz0rh3sb","@fields":{"channel":"user_events","level":200,"ctxt_user_id":96836,"ctxt_event":"inst","ctxt_time":1470575487925,"ctxt_name":"种子搜索神器","ctxt_package":"com.yyojjjd.vdio","ctxt_version":"12","ctxt_updated_at":"2016-08-08 00:10:14","ctxt_created_at":"2016-08-08 00:00:14","ctxt_id":5174891},"@message":"user_events","@tags":["user_events"],"@type":"user_events"}
....
....其中有个字段叫ctxt_created_at的时间字段,格式如:"ctxt_created_at":"2016-08-08 00:00:14"
logstash的output的输出的时候,我想新增一个字段保存这个ctxt_created_at的年月日,格式如:"ctxt_created_at_format:"2016-08-08",问下各位,这个怎么实现?我用filter的date插件过滤不出来
配置文件
input {
file {
path => "C:/Users/Administrator/Desktop/datas/ue.log"
type => "user_events"
start_position => "beginning"
codec => "json"
}
}
filter {
if [type] == 'user_events' {
}
}
output {
stdout {
codec => rubydebug
}
}