Kibana - 与此索引模式匹配的索引不包含任何时间字段
Kibana - The indices which match this index pattern don't contain any time fields
这是我的定义:
@Store(type="elasticsearch", hostname="localhost", username="elastic", password="changeme", port='9200', index.name = 'frauds', index.type='_doc')
define table FraudIndex (timestamp long, creditCardNo string, suspiciousTrader string, amount double, currency string);
这是我的查询:
@info(name='SuspiciousTradeES')
from TradeStream as t join FraudTable as f
on t.creditCardNo == f.creditCardNo
select eventTimestamp() as timestamp, t.creditCardNo, t.trader as suspiciousTrader, t.amount as amount, t.currency as currency
insert into FraudIndex;
不幸的是,Kibana 无法识别和时间字段,因为它是 'number'。
我应该如何结束可能的时间戳?
编辑:我还可以添加一个问题,我如何使用 WSO2SI 中的地图和 geo_point 类型?
手动准备了我的映射并且它起作用了。
{
"properties": {
"timestamp": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss"
},
"creditCardNo": {
"type": "keyword"
},
"suspiciousTrader": {
"type": "keyword"
},
"coordinates": {
"type": "geo_point"
},
"amount": {
"type": "double"
},
"currency": {
"type": "keyword"
}
}
}
我在尝试创建索引模式时在第 2 步遇到了同样的问题。
我的 Logstash 模板如下所示:
input {
beats {
port => 5044
host => "0.0.0.0"
}
}
filter {
json {
source => "message"
}
mutate {
convert => {
"startTime" => string
}
}
date {
match => [ "startTime" , "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'" ]
timezone => "UTC"
target => "@timestamp"
}
mutate {
remove_field => [ "startTime", "@version", "tags", "message", "ecs", "agent", "input", "host" ]
}
}
output {
elasticsearch {
hosts => "${es_host}"
user => "${es_user}"
password => "${es_pwd}"
index => "xxx-development-%{+YYYY.MM.dd}"
ilm_enabled => true
ilm_rollover_alias => "xxx-development"
ilm_policy => "xxx-development"
}
}
Filebeat 收集的示例日志消息如下所示:
{"startTime":"2021-12-02T05:56:04.696Z","level":"FATAL","serviceName":"ABC","pid":3674,"logId":"App Unhandled Rejection","data":"blah" ,"ServicePid":3674}}}
我的索引模板有:
"properties": {
"@timestamp": {
"type": "date"
},
我不知道我还能检查什么来让它工作。
这是我的定义:
@Store(type="elasticsearch", hostname="localhost", username="elastic", password="changeme", port='9200', index.name = 'frauds', index.type='_doc')
define table FraudIndex (timestamp long, creditCardNo string, suspiciousTrader string, amount double, currency string);
这是我的查询:
@info(name='SuspiciousTradeES')
from TradeStream as t join FraudTable as f
on t.creditCardNo == f.creditCardNo
select eventTimestamp() as timestamp, t.creditCardNo, t.trader as suspiciousTrader, t.amount as amount, t.currency as currency
insert into FraudIndex;
不幸的是,Kibana 无法识别和时间字段,因为它是 'number'。
我应该如何结束可能的时间戳?
编辑:我还可以添加一个问题,我如何使用 WSO2SI 中的地图和 geo_point 类型?
手动准备了我的映射并且它起作用了。
{
"properties": {
"timestamp": {
"type": "date",
"format": "yyyy-MM-dd HH:mm:ss"
},
"creditCardNo": {
"type": "keyword"
},
"suspiciousTrader": {
"type": "keyword"
},
"coordinates": {
"type": "geo_point"
},
"amount": {
"type": "double"
},
"currency": {
"type": "keyword"
}
}
}
我在尝试创建索引模式时在第 2 步遇到了同样的问题。
我的 Logstash 模板如下所示:
input {
beats {
port => 5044
host => "0.0.0.0"
}
}
filter {
json {
source => "message"
}
mutate {
convert => {
"startTime" => string
}
}
date {
match => [ "startTime" , "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'" ]
timezone => "UTC"
target => "@timestamp"
}
mutate {
remove_field => [ "startTime", "@version", "tags", "message", "ecs", "agent", "input", "host" ]
}
}
output {
elasticsearch {
hosts => "${es_host}"
user => "${es_user}"
password => "${es_pwd}"
index => "xxx-development-%{+YYYY.MM.dd}"
ilm_enabled => true
ilm_rollover_alias => "xxx-development"
ilm_policy => "xxx-development"
}
}
Filebeat 收集的示例日志消息如下所示:
{"startTime":"2021-12-02T05:56:04.696Z","level":"FATAL","serviceName":"ABC","pid":3674,"logId":"App Unhandled Rejection","data":"blah" ,"ServicePid":3674}}}
我的索引模板有:
"properties": {
"@timestamp": {
"type": "date"
},
我不知道我还能检查什么来让它工作。