[elk@Vsftp logstash]$ cat grok.conf
input {stdin {}}
filter {
grok {
match =>{
"message" =>"\s+(?<request_time>\d+(?:\.\d+)?)\s+"
}
}
}
output {
stdout {
codec => rubydebug
}
}
[elk@Vsftp logstash]$ logstash -f grok.conf
Settings: Default pipeline workers: 4
Pipeline main started
BEGIN 123.321 END
{
"message" => "BEGIN 123.321 END",
"@version" => "1",
"@timestamp" => "2017-02-08T07:08:17.638Z",
"host" => "Vsftp",
"request_time" => "123.321"
}
可以看到这里时间变成了字符串
[elk@Vsftp logstash]$ cat grok.conf
input {stdin {}}
filter {
grok {
match =>{
"message" =>"\s+(?<request_time>\d+(?:\.\d+)?)\s+"
}
}
mutate {
convert =>["request_time","float"]
}
}
output {
stdout {
codec => rubydebug
}
}
[elk@Vsftp logstash]$ logstash -f grok.conf
Settings: Default pipeline workers: 4
Pipeline main started
BEGIN 123.321 END
{
"message" => "BEGIN 123.321 END",
"@version" => "1",
"@timestamp" => "2017-02-08T07:11:06.794Z",
"host" => "Vsftp",
"request_time" => 123.321
}
把字符串转换我float
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
