我得到这个错误“没有为[@timestamp]找到Map以便对日志进行排序”
我的conf文件
input { elasticsearch {
hosts => ["localhost"]
index => "employees_data"
query => '{ "query": { "match_all": { } } }'
scroll => "5m"
docinfo => true}}filter {elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}
1条答案
按热度按时间5sxhfpxr1#
这是因为
sort
的参数elasticsearch
过滤器插件。如果未指定,则默认为@timestamp:desc
你可能没有这个领域。只要做以下改变,你就可以开始了: