问题
I have configured fluentd and elasticsearch and they both are working fine. I am tailing a file and then reading its data and publishing it to elasticsearch. Below is the json data:
{"time": "2018-05-14T11:37:30.339593", "Data count": 78, "Data status": "Sent", "DataId": "332"}
and below is the fluentd configuration file:
<source>
@type tail
time_key time
path /home/user/file.json
format json
tag first
</source>
<match *first*>
@type elasticsearch
hosts 192.168.196.118:9200
user <username>
password <password>
index_name myindex
type_name mytype
id_key 100
time_key time
</match>
In the above configuration file, I have added time_key as time is the time which I want to use from json data. But the data which I receive in the elasticsearch do not contain any time data.
Also, I am using id_key but in the elasticsearch, id_key is some random values.
Please help. Thanks
回答1:
Try to inject the value you want:
<inject>
time_key @log_time
time_format %Y%m%dT%H%M%S%z
</inject>
Follow instructions at: https://docs.fluentd.org/v1.0/articles/inject-section
回答2:
I resolved this issue. I didnt have to add anything extra in the config file. I simply selected time as time field in elasticsearch.
来源:https://stackoverflow.com/questions/50329459/how-to-add-timestamp-key-for-elasticsearch-using-fluent