logstash数据处理示例

#test {"time":1504752032399,"date":"2017-09-08 12:00:00","str":"ddse\r\n"}

input {
    # Read events from standard input and decode each one with the json codec.
    # Input the codec cannot parse is not dropped: it is passed on as plain
    # text and tagged _jsonparsefailure, so that tag is worth watching for.
    stdin {
        codec => json
    }
}

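filter {
    # Copy the raw epoch-millisecond value into field1 as a string.
    # If the event has no time field, the sprintf reference stays unresolved
    # and field1 holds the literal text %{time}.
    mutate {
        add_field => {
            "field1" => "%{time}"
        }
    }

    # Parse the textual date field, interpreting it as UTC, and store the
    # result in logdate. @timestamp is not touched by this step.
    date {
        match => ["date", "YYYY-MM-dd HH:mm:ss"]
        timezone => "+00:00"
        target => "logdate"
    }

    # Derive field2, timestamp, @timestamp and string_length in Ruby.
    #
    # NOTE(review): the +8h arithmetic moves the stored instant itself; it does
    # not change a display timezone. Consumers that treat @timestamp as UTC
    # will see every event eight hours late, which skews any timeline built by
    # correlating these events with other sources. Confirm this is intended.
    #
    # NOTE(review): @timestamp is overwritten from the time field of the
    # payload, so whoever produces the event controls its timestamp. The
    # ingest time survives only in field2 (already shifted by eight hours).
    #
    # Missing fields are tagged instead of being processed: without the guards,
    # an absent time silently became 1970-01-01 plus eight hours, and an absent
    # or non-string str raised inside the filter after the other fields had
    # already been written.
    ruby {
        code => "
            offset = 8 * 60 * 60

            # field2: the current @timestamp moved forward by eight hours
            event.set('field2', Time.at(event.get('@timestamp').to_f + offset))

            millis = event.get('time')
            if millis.nil?
              event.tag('_missing_time')
            else
              # time is epoch milliseconds; Time.at expects seconds
              shifted = Time.at(millis.to_f / 1000 + offset)
              event.set('timestamp', shifted)
              # read the value back from the event before assigning it, as the
              # original did (presumably so it is in the event timestamp type)
              event.set('@timestamp', event.get('timestamp'))
            end

            text = event.get('str')
            if text.is_a?(String)
              # length after removing leading and trailing whitespace
              event.set('string_length', text.lstrip.rstrip.length)
            else
              event.tag('_missing_str')
            end
        "
    }
}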

output {
    # Print every processed event to standard output using the rubydebug
    # codec, which shows all fields of the event for inspection.
    stdout { codec => rubydebug }
}