Convert Unix Epoch to dateTime opensearch


Question


I have JSON log data with a field containing a Unix Epoch in seconds and I want to convert it to a human-readable pattern like dd/MMM/yyyy:HH:mm:ss.

I tried to use Data Prepper of OpenSearch but I didn't find the Unix Epoch pattern to use it.

My JSON:

{"ua": "Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20SamsungBrowser/21.0%20Chrome/110.0.5481.154%20Safari/537.36", "customField": "1685959346", "key3": "test", "securityRule": "test|112122|super"}

How can I achieve this?

Answer 1

Score: 1


You can use an ingest pipeline for it. During ingestion, Elasticsearch/OpenSearch will convert and enrich the data.

PUT _ingest/pipeline/epoch_conversion_pipeline
{
  "description": "Convert Unix Epoch to human-readable format",
  "processors": [
    {
      "set": {
        "field": "org_customField",
        "value": "{{customField}}"
      }
    },
    {
      "script": {
        "source": """
          ctx.customField = new SimpleDateFormat("dd/MMM/yyyy HH:mm:ss").format(new Date(Long.parseLong(ctx.org_customField) * 1000));
        """
      }
    }
  ]
}

PUT test_epoch_to_human
{
  "settings": {
    "default_pipeline": "epoch_conversion_pipeline"
  }
}

POST test_epoch_to_human/_doc/1
{
  "ua": "Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20SamsungBrowser/21.0%20Chrome/110.0.5481.154%20Safari/537.36",
  "customField": "1685959346",
  "key3": "test",
  "securityRule": "test|112122|super"
}

GET test_epoch_to_human/_search
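
The same conversion can be done with the built-in `date` processor and its `UNIX` format, which pins the output to UTC (a `SimpleDateFormat` in a script uses the node's default time zone) and records parse failures on the document. This is an added example, not part of the original answer; the pipeline name and the `customField_readable` and `timestamp_parse_error` fields are assumptions, and the sample documents are constructed.

```json
# Added example, not from the original answer. Pipeline name, target field
# and error field are hypothetical.
PUT _ingest/pipeline/epoch_date_processor_pipeline
{
  "description": "Parse epoch seconds with the date processor, UTC output",
  "processors": [
    {
      "date": {
        "field": "customField",
        "formats": ["UNIX"],
        "timezone": "UTC",
        "target_field": "customField_readable",
        "output_format": "dd/MMM/yyyy:HH:mm:ss",
        "on_failure": [
          {
            "set": {
              "field": "timestamp_parse_error",
              "value": "{{_ingest.on_failure_message}}"
            }
          }
        ]
      }
    }
  ]
}

# Dry run with constructed documents: the first carries the customField value
# from the question, the second a malformed timestamp that should come back
# with timestamp_parse_error set instead of customField_readable.
POST _ingest/pipeline/epoch_date_processor_pipeline/_simulate
{
  "docs": [
    { "_source": { "customField": "1685959346", "key3": "test" } },
    { "_source": { "customField": "not-a-number", "key3": "test" } }
  ]
}
```

The original `customField` is left untouched, so the raw epoch value stays available for range queries and cross-source correlation.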


huangapple
  • Posted on June 6, 2023, 17:02:27
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76413004.html