我正在尝试使用logstash将电子邮件编入elasticsearch中
我的conf文件是这样的:
sudo bin/logstash -e 'input
{ imap
{ host => "imap.googlemail.com"
password => "********"
user => "********@gmail.com"
port => 993
secure => "true"
check_interval => 10
folder => "Inbox"
verify_cert => "false" } }
output
{ stdout
{ codec => rubydebug }
elasticsearch
{ index => "emails"
document_type => "email"
hosts => "localhost:9200" } }'
问题是输出的两个字段被解析为String字段,但它们应该是“date”字段
字段格式如下:
"x-dbworld-deadline" => "31-Jul-2019"
"x-dbworld-start-date" => "18-Nov-2019"
如何将这两个字段转换为日期字段?
谢谢!
最佳答案
如何在Elasticsearch上创建索引映射。
它可能看起来像这样:
PUT date-test-191211
{
"mappings": {
"_doc": {
"properties": {
"x-dbworld-deadline": {
"type": "date",
"format": "dd-MMM-yyyy"
},
"x-dbworld-start-date": {
"type": "date",
"format": "dd-MMM-yyyy"
}
}
}
}
}
然后,将这些字段识别为日期格式:
结果:
[
关于elasticsearch - 在Logstash中将字段从字符串转换为日期,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59256618/