Logstash timestamp 8-hour time difference: problem and solution

 

 

  

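The time in Logstash differs from the server time by 8 hours, so the time in the @timestamp field is wrong, which affects downstream processing. The fix is to modify the Logstash configuration file, mainly the fields in the filter section: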
 
apiVersion: v1
data:
  input_main: |-
    input {
      udp {
         port => 1514
         type => syslog
      }
      # tcp {
      #   port => 1514
      #   type => syslog
      # }
      redis {
        host => "192.21.19.33"
        password => VYaa0Ch
        key => "logstash"
        data_type => "list"
        codec => "json"
      }
    }
  output_main: |-
    filter {
      mutate {
        rename => { "@tags" => "channel" }
      }
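      # Copy @timestamp, shifted forward by 8 hours, into a temporary "timestamp" field.
      ruby {
        code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
      }
      # Write the shifted value back into @timestamp.
      ruby {
        code => "event.set('@timestamp',event.get('timestamp'))"
      }
      # Drop the temporary field.
      mutate {
        remove_field => ["timestamp"]
      }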
    }
    output {
      stdout { codec => rubydebug }
      elasticsearch {
        hosts => ["192.168.11.38:9200"]
        manage_template => false
        index => "k8s-logstash-%{channel}-%{+YYYY.MM.dd}"
      }
    }
kind: ConfigMap
metadata:
  annotations:
  labels:
    app: logstash
    chart: logstash-0.6.3
    heritage: Tiller
    release: logstash
  name: logstash-pipeline
  namespace: elk
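
The effect of the ruby filter above on the stored value and on the daily index chosen by `%{+YYYY.MM.dd}`, as an added example that is not part of the original post. Plain Ruby `Time` stands in for the Logstash event timestamp, the helper names are hypothetical, the sample event is constructed, and it relies on Logstash formatting `%{+...}` from `@timestamp` in UTC.

```ruby
require 'time'

SHIFT_SECONDS = 8 * 60 * 60 # same constant as the ruby filter on the page

# Stand-in for the two ruby filters: move the instant forward by 8 hours.
# dup is used because Time#localtime changes its receiver in place.
def shifted_timestamp(utc_time)
  utc_time.dup.localtime + SHIFT_SECONDS
end

# Stand-in for the index pattern k8s-logstash-%{channel}-%{+YYYY.MM.dd},
# assuming the date part is rendered from @timestamp in UTC.
def index_name(channel, timestamp)
  "k8s-logstash-#{channel}-#{timestamp.getutc.strftime('%Y.%m.%d')}"
end

# The value as serialized for Elasticsearch: ISO8601 in UTC with a Z suffix.
def stored_value(timestamp)
  timestamp.getutc.iso8601(3)
end

# Compare one event before and after the shift.
def compare(raw_utc, channel)
  original = Time.iso8601(raw_utc)
  shifted = shifted_timestamp(original)
  {
    original_stored: stored_value(original),
    shifted_stored: stored_value(shifted),
    original_index: index_name(channel, original),
    shifted_index: index_name(channel, shifted),
    offset_seconds: (shifted - original).to_i
  }
end

# Constructed sample: an event at 00:30 on 2020-07-07 in UTC+8,
# which is 16:30 on 2020-07-06 in UTC. "app" is a made-up channel name.
SAMPLE = compare('2020-07-06T16:30:00.000Z', 'app')
SAMPLE.each { |key, value| puts "#{key}: #{value}" }
```

After the shift the event lands in the index for the UTC+8 calendar day, and the stored `@timestamp` carries UTC+8 wall-clock digits under a `Z` suffix, so it is 8 hours ahead of sources that kept true UTC when the two are correlated.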

 

 

 

 

 

 


 

 

 

 

 

posted @ 2020-07-07 18:02  滴滴滴