Logstash version 6.3.2. The fix is as follows; no source code changes are needed:
input {
  redis {
    host => "127.0.0.1"
    port => "6379"
    password => "password"
    db => 0
    key => "key_test"        # queue name
    data_type => "list"      # queue type
    threads => 1
  }
}
filter {
  # Copy @timestamp into a temporary field, moved forward by 8 hours (UTC+8)
  ruby {
    code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
  }
  # Overwrite @timestamp with the shifted value
  ruby {
    code => "event.set('@timestamp',event.get('timestamp'))"
  }
  # Drop the temporary field
  mutate {
    remove_field => ["timestamp"]
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    action => index
    index => "index_test"           # index name in ES
    document_id => "%{id}"          # field in the data to use as _id in ES
    document_type => "type_test"    # mapping name in ES
    codec => json_lines
  }
  file {
    path => "/root/data/%{+yyyyMMddHH}.txt"
  }
}
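Logstash takes the date in the generated file name from the value of the @timestamp field. Setting a filter that converts the time in timestamp to system time solves the problem. Because the filter rewrites @timestamp itself, the elasticsearch output indexes the shifted value as well.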
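The effect of the filter on file names and on the stored event time, as an added example that is not part of the original post. It models the `%{+yyyyMMddHH}` rendering (done in UTC) in plain Ruby over constructed timestamps; the function names and the "separate field" variant, which in a pipeline would be a field such as `[@metadata][file_hour]` referenced from `path`, are assumptions for illustration.

```ruby
require 'time'

OFFSET_SECONDS = 8 * 60 * 60 # UTC+8, the offset used in the filter above

# Logstash renders %{+yyyyMMddHH} from @timestamp in UTC.
def utc_bucket(timestamp)
  timestamp.getutc.strftime('%Y%m%d%H')
end

# The page's approach: move @timestamp itself forward by the offset.
def shifted_timestamp(timestamp)
  timestamp + OFFSET_SECONDS
end

# Assumed alternative: derive the local-time bucket as a separate value
# and leave @timestamp untouched.
def local_bucket(timestamp)
  timestamp.getlocal(OFFSET_SECONDS).strftime('%Y%m%d%H')
end

# Compare the file name and the stored time for one event.
def compare(iso8601)
  original = Time.iso8601(iso8601)
  shifted = shifted_timestamp(original)
  {
    default_file: "#{utc_bucket(original)}.txt",
    shifted_file: "#{utc_bucket(shifted)}.txt",
    separate_field_file: "#{local_bucket(original)}.txt",
    stored_timestamp_after_shift: shifted.getutc.iso8601,
    drift_seconds: (shifted - original).to_i
  }
end

# Constructed sample events (UTC) on either side of local midnight in UTC+8.
SAMPLE_EVENTS = ['2018-08-01T15:59:59Z', '2018-08-01T16:00:00Z'].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_EVENTS.each { |ts| puts ts, compare(ts) }
end
```

Both approaches produce the same file name, but only the shift changes the instant recorded in `@timestamp`, which matters when these events are correlated with logs from other sources.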