No mapping found for [@timestamp] in order to sort on logstash

pes8fvy9  posted on 2021-06-10  in  ElasticSearch

I am getting this error: "No mapping found for [@timestamp] in order to sort on logstash"
My conf file:

input {
    elasticsearch {
        hosts => ["localhost"]
        index => "employees_data"
        query => '{ "query": { "match_all": { } } }'
        scroll => "5m"
        docinfo => true
    }
}

filter {
    elasticsearch {
        hosts => ["localhost"]
        index => "transaction_data"
        query => "code:1"
        fields => {
            "code" => "Code"
            "payment" => "Payment"
            "moth" => "Month"
        }
    }
}

output {
    elasticsearch {
        hosts => ["localhost"]
        index => "join"
    }
}

5sxhfpxr1#

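This is because of the sort parameter of the elasticsearch filter plugin. If not specified, it defaults to @timestamp:desc, and you probably don't have that field.
Just make the following change and you'll be good to go: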

filter {
    elasticsearch {
        hosts => ["localhost"]
        index => "transaction_data"
        query => "code:1"
        sort => "code:asc"                   # <--- add this line
        fields => {
            "code"=>"Code"
            "payment" => "Payment"
            "moth"=>"Month"
        }
    }
}
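
A way to check a sort setting against an index mapping before running the pipeline, as an added example that is not part of the original answer. The mapping below is a constructed sample of a `GET transaction_data/_mapping` response (field types are assumptions; only the field names come from the question), and the function names are hypothetical.

```python
import json

# Default of the elasticsearch filter's `sort` option, as stated in the answer.
DEFAULT_SORT = "@timestamp:desc"

# Constructed sample mapping response; the field types are assumptions.
SAMPLE_MAPPING = json.loads("""
{"transaction_data": {"mappings": {"properties": {
    "code":    {"type": "long"},
    "payment": {"type": "float"},
    "moth":    {"type": "text", "fields": {"keyword": {"type": "keyword"}}}
}}}}
""")


def mapped_fields(properties, prefix=""):
    """Flatten a mapping's properties into a set of dotted field paths."""
    names = set()
    for name, spec in properties.items():
        path = prefix + name
        names.add(path)
        # Object fields nest under "properties", multi-fields under "fields".
        for key in ("properties", "fields"):
            names |= mapped_fields(spec.get(key, {}), path + ".")
    return names


def parse_sort(sort=DEFAULT_SORT):
    """Split a comma-delimited list of field:direction pairs."""
    pairs = []
    for item in sort.split(","):
        field, sep, direction = item.strip().rpartition(":")
        if not sep or not field or direction not in ("asc", "desc"):
            raise ValueError("expected field:asc or field:desc, got %r" % item)
        pairs.append((field, direction))
    return pairs


def unmapped_sort_fields(mapping_response, index, sort=DEFAULT_SORT):
    """Return the sort fields that have no mapping in the given index."""
    props = mapping_response[index]["mappings"].get("properties", {})
    known = mapped_fields(props)
    return [field for field, _ in parse_sort(sort) if field not in known]


if __name__ == "__main__":
    print("default sort:", unmapped_sort_fields(SAMPLE_MAPPING, "transaction_data"))
    print("code:asc    :", unmapped_sort_fields(SAMPLE_MAPPING, "transaction_data", "code:asc"))
```

A non-empty result names the sort fields that would trigger the "No mapping found" error for that index.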
