我需要在elk中启用date\u nanos支持,但是失败了。
我用docker提出了弹性+kibana+filebeat。而elastic的版本是7.9.0。
我设置了一个filebeat模板,它只是从原始fields.yml复制过来的,我只将日期的类型更改为“date\u nanos”,如下所示。
- key: ecs
title: ECS
description: ECS Fields.
fields:
- name: '@timestamp'
level: core
required: true
type: date_nanos
...然后我启用了filebeat的调试日志,日志显示Map已加载到elastic:
{"level":"info","timestamp":"2020-09-03T09:25:02.360Z","caller":"template/load.go:109","message":"Try loading template filebeat-7.9.0 to Elasticsearch"},
{"level":"debug","timestamp":"2020-09-03T09:25:02.364Z","logger":"esclientleg","caller":"eslegclient/connection.go:364","message":"PUT http://elasticsearch:9200/_template/filebeat-7.9.0 map[index_patterns:[filebeat-7.9.0-*] mappings:{\"_meta\":{\"beat\":\"filebeat\",\"version\":\"7.9.0\"},\"date_detection\":false,\"dynamic_templates\":[{\"labels\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"labels.*\"}},{\"container.labels\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"container.labels.*\"}},{\"dns.answers\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"dns.answers.*\"}},{\"log.syslog\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"log.syslog.*\"}},{\"network.inner\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"network.inner.*\"}},{\"observer.egress\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"observer.egress.*\"}},{\"observer.ingress\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"observer.ingress.*\"}},{\"fields\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"fields.*\"}},{\"docker.container.labels\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"docker.container.labels.*\"}},{\"kubernetes.labels.*\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"*\",\"path_match\":\"kubernetes.labels.*\"}},{\"kubernetes.annotations.*\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"*\",\"path_match\":\"kubernetes.annotations.*\"}},{\"docker.attrs\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"docker.attrs.*\"}},{\"kibana.log.meta\":{\"mapping\":{\"type\":\"keyword\"},\"match_mapping_type\":\"string\",\"path_match\":\"kibana.log.meta.*\"}},{\"strings_as_keyword\":{\"mapping\":{\"ignore_above\":1024,\"type\":\"keyword\"},\"match_mapping_type\":\"string\"}}],\"properties\":{\"@timestamp\":{\"type\":\"date_nanos\"},\"agent\":{\"properties\":{\"ephemeral_id\":{\"ignore_above\":1024,\"type\":\"keyword\"},
{"level":"info","timestamp":"2020-09-03T09:25:02.846Z","caller":"template/load.go:101","message":"template with name 'filebeat-7.9.0' loaded."},我可以在日志字符串中看到日期设置:
"properties\":{\"@timestamp\":{\"type\":\"date_nanos\"},但最后,Kibana的日期“类型”仍然显示“日期”而不是“日期”
我还能做些什么来支持date\u nanos吗?
1条答案
按热度按时间w51jfk4q1#
这个
Date索引模式中显示的类型与date_nanos键入索引Map。这个Date索引模式中的类型更多地用于格式化目的。kibana支持
date_nanos从7.3版开始。所以你已经可以走了,没什么可以改变的。