ElasticSearch 日期赋值

Nxlog date to elasticsearch

   

elasticsearch会自动检测日期类型，"2016-03-31 22:09:42"会当作字符串，"2016-03-31T22:09:42"、"2016-03-31T22:09:42Z"、"2016-03-31T22:09:42+08:00"会当做日期类型

   

Nxlog 配置如下

<Input IIS_Logs1>

Module im_file

File "E:\log\webapi\u_ex*.log"

SavePos TRUE

 

Exec if $raw_event =~ /^#/ drop();                                 \

else                                                         \

{                                                         \

w3c->parse_csv();                                         \

$EventTime10 = "2016-03-31T14:06:27.159Z";        \

$EventTime11 ="2016-03-31T22:09:42Z";        \

$EventTime12 ="2016-03-31T22:09:42+08:00";        \

$EventTime13 = ($date + "T" + $time+"+08:00");         \

$EventTime14 = ($date + "T" + $time+"Z");         \

$EventTime15 ="2016-03-31 22:09:42+08:00";        \

$EventTime16 ="2016-03-31Z";        \

$EventTime17 ="2016-03-31T22:09:42+08:00";        \

$SourceName = "IIS";                                        \

}

</Input>

   

<Output IIS_out1>

Module om_tcp

Host 127.0.0.1

Port 9999

Exec to_json();

</Output>

   

<Route 2>

Path IIS_Logs1 => IIS_out1

</Route>

   

日期格式如下，15，16是字符串类型