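I have set up a watcher in Elasticsearch and want to send a timestamp as one of the fields in my email. The time currently sent in the email is in UTC. Is it possible to format this value to display the time in the local time zone?
Update: added the current configuration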
{
  "trigger": {
    "schedule": {
      "interval": "24h"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "dev*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "match_phrase": {
                    "messageTemplate": "Could not decompress file {FileName} for task: {TaskId}"
                  }
                }
              ],
              "filter": {
                "bool": {
                  "must": [
                    {
                      "range": {
                        "@timestamp": {
                          "gte": "now-24h",
                          "lte": "now"
                        }
                      }
                    }
                  ]
                }
              }
            }
          },
          "aggs": {
            "task_name": {
              "terms": {
                "field": "fields.TaskName.keyword"
              },
              "aggregations": {
                "reason": {
                  "terms": {
                    "field": "fields.ExceptionMessage.keyword"
                  },
                  "aggregations": {
                    "file_name": {
                      "terms": {
                        "field": "fields.FileName.keyword"
                      },
                      "aggregations": {
                        "fail_time": {
                          "date_histogram": {
                            "field": "@timestamp",
                            "calendar_interval": "1s",
                            "format": "MM-dd-yyyy hh:mm:ss a"
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": {
      "ctx.payload.hits.total": {
        "gte": 1
      }
    }
  },
  "actions": {
    "email_users": {
      "email": {
        "profile": "standard",
        "to": [
          "j@somedomain.com"
        ],
        "subject": "DEV: Failed to Decompress File",
        "body": {
          "html": "<p>The following files could not be decompressed/unzipped. <div><ul>{{#ctx.payload.aggregations.task_name.buckets}}<li>There were {{#doc_count}}{{.}}{{/doc_count}} files that could not be decompressed/unzipped for {{#key}}{{.}}{{/key}}.<ul>{{#reason.buckets}}<li>{{#doc_count}}{{.}}{{/doc_count}} items failed for reason: {{#key}}{{.}}{{/key}}<ul>{{#file_name.buckets}}<li>{{#key}}{{.}}{{/key}} failed at {{#fail_time.buckets.0.key_as_string}}{{.}}{{/fail_time.buckets.0.key_as_string}}</li>{{/file_name.buckets}}</ul></li>{{/reason.buckets}}</ul></li>{{/ctx.payload.aggregations.task_name.buckets}}</ul></div><p>These files were sent to quarantine</p>"
        }
      }
    }
  }
}
Elastic and Kibana are new to me, so there may be a better way to perform this kind of search and aggregation. If so, I'm open to suggestions.