问题描述
我收到此错误“找不到[@timestamp]的映射以对logstash进行排序”
我的conf文件
input { elasticsearch {
hosts => ["localhost"]
index => "employees_data"
query => '{ "query": { "match_all": { } } }'
scroll => "5m"
docinfo => true}}filter {elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"}}}output {elasticsearch { hosts => ["localhost"]index => "join"}}
解决方法
这是因为elasticsearch过滤器插件的sort parameter。如果未指定,则默认为@timestamp:desc,并且您可能没有该字段。
只需进行以下更改,您就应该做好了准备:
filter {
elasticsearch {
hosts => ["localhost"]
index => "transaction_data"
query => "code:1"
sort => "code:asc" <--- add this line
fields => {
"code"=>"Code"
"payment" => "Payment"
"moth"=>"Month"
}
}
}