Logstash 中的時間與服務器時間相差 8 小時(Logstash 的 @timestamp 一律以 UTC 記錄,而服務器使用 UTC+8 本地時間),導致 @timestamp 字段中的時間不對,影響後續流程處理,因此修改 Logstash 配置文件,主要修改 filter 中的字段:
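---
# ConfigMap holding the Logstash pipeline for the "logstash" release in the
# "elk" namespace. The key "input_main" carries the input section; the key
# "output_main" carries both the filter and the output sections.
#
# SECURITY: a ConfigMap is not a secret store. Anything placed in it is
# readable by every principal allowed to read ConfigMaps in this namespace
# and is usually committed to version control together with the chart.
apiVersion: v1
data:
  input_main: |-
    input {
      # Syslog over UDP has no sender authentication or integrity protection:
      # any host that can reach this port can inject events. Restrict the
      # reachable sources at the network layer (e.g. a NetworkPolicy).
      udp {
        port => 1514
        type => syslog
      }
      # tcp {
      #   port => 1514
      #   type => syslog
      # }
      redis {
        host => "192.21.19.33"
        # SECURITY: the Redis password is stored in clear text here. Treat it
        # as exposed, rotate it, and move it into a Kubernetes Secret that is
        # injected as an environment variable, then reference it through
        # Logstash's environment-variable substitution, e.g.
        #   password => "${REDIS_PASSWORD}"
        password => VYaa0Ch
        key => "logstash"
        data_type => "list"
        codec => "json"
      }
    }
  output_main: |-
    filter {
      # Expose the sender-supplied "@tags" value as "channel"; the output
      # section uses it to build the index name.
      mutate {
        rename => {
          "@tags" => "channel"
        }
      }
      # Shift @timestamp forward by 8 hours (8*60*60 seconds) through a
      # temporary "timestamp" field, then drop the temporary field.
      #
      # CAVEAT: the shifted value is still sent downstream as if it were UTC,
      # so the stored instant is 8 hours ahead of the real event time.
      # Viewers that convert UTC to the browser time zone (e.g. Kibana) apply
      # the offset a second time, and timeline correlation with sources that
      # keep true UTC will be off by 8 hours. The daily index suffix
      # %{+YYYY.MM.dd} is derived from @timestamp and shifts with it.
      # If downstream consumers can handle it, prefer leaving @timestamp in
      # UTC and writing the local time into a separate field instead.
      ruby {
        code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
      }
      ruby {
        code => "event.set('@timestamp',event.get('timestamp'))"
      }
      mutate {
        remove_field => [
          "timestamp"
        ]
      }
    }
    output {
      # Prints every event to the container log; pod logs then contain a full
      # copy of the pipeline data and need the same access control.
      stdout { codec => rubydebug }
      # No user/password or TLS options are set for this output, so events
      # travel to Elasticsearch unauthenticated and in clear text as written.
      # "channel" comes from the event itself: a missing field leaves the
      # literal "%{channel}" in the index name, and a sender can cause
      # arbitrary index names to be created. Consider validating it against
      # a list of expected values before it reaches this output.
      elasticsearch {
        hosts => [
          "192.168.11.38:9200"
        ]
        manage_template => false
        index => "k8s-logstash-%{channel}-%{+YYYY.MM.dd}"
      }
    }
kind: ConfigMap
metadata:
  annotations: {}
  labels:
    app: logstash
    chart: logstash-0.6.3
    heritage: Tiller
    release: logstash
  name: logstash-pipeline
  namespace: elk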
logstash timestamp時間差8小時問題及解決