找不到 [@timestamp] 的映射以对 logstash 进行排序
No mapping found for [@timestamp] in order to sort logstash
我收到此错误“找不到 [@timestamp] 的映射以便对 logstash 进行排序”
我的配置文件
input { elasticsearch {
hosts => ["localhost"]
index => "employees_data"
query => '{ "query": { "match_all": { } } }'
scroll => "5m"
docinfo => true}}filter {elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}
这是因为 elasticsearch 过滤器插件的 sort parameter。如果未指定,则默认为 @timestamp:desc,您可能没有该字段。
只需进行以下更改,您就可以开始了:
filter {
elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
sort => "code:asc" <--- add this line
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"
}
}
}
我收到此错误“找不到 [@timestamp] 的映射以便对 logstash 进行排序”
我的配置文件
input { elasticsearch {
hosts => ["localhost"]
index => "employees_data"
query => '{ "query": { "match_all": { } } }'
scroll => "5m"
docinfo => true}}filter {elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}
这是因为 elasticsearch 过滤器插件的 sort parameter。如果未指定,则默认为 @timestamp:desc,您可能没有该字段。
只需进行以下更改,您就可以开始了:
filter {
elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
sort => "code:asc" <--- add this line
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"
}
}
}