logstash 毫秒时间戳格式化

logstash 时间戳格式化

毫秒时间戳加 8 小时, 格式化

  # add 8 hours
  ruby {code => "event.set('tmp_time', event.get('nowtime').to_i + 28800000)"}
  date {

    match => ["tmp_time", "UNIX_MS"]
    target => "tmp_datetime"
    timezone => "Asia/Shanghai"
    #timezone => "America/Los_Angeles"
    locale => "cn"

  }
  grok {
    match => {
      "tmp_datetime" => ["(?<date_year>[0-9]{4})-(?<date_month>[0-9]{2})-(?<date_day>[0-9]{2}).*"]
    }
  }