Here is my definition:

@Store(type="elasticsearch", hostname="localhost", username="elastic", password="changeme", port='9200', index.name='frauds', index.type='_doc')
define table FraudIndex (timestamp long, creditCardNo string, suspiciousTrader string, amount double, currency string);

Here is my query:

@info(name='SuspiciousTradeES')
from TradeStream as t join FraudTable as f
    on t.creditCardNo == f.creditCardNo
select eventTimestamp() as timestamp, t.creditCardNo, t.trader as suspiciousTrader, t.amount as amount, t.currency as currency
insert into FraudIndex;

Unfortunately, Kibana does not recognize the timestamp field as a time field, because it is a "number".

How should I go about ending up with a usable timestamp?

Edit: may I also add a question: how can I use maps and the geo_point type from WSO2SI?

2 Answers

I prepared my mapping manually and it works.

{
    "properties": {
        "timestamp": {
            "type": "date",
            "format": "yyyy-MM-dd HH:mm:ss"
        },
        "creditCardNo": {
            "type": "keyword"
        },
        "suspiciousTrader": {
            "type": "keyword"
        },
        "coordinates": {
            "type": "geo_point"
        },
        "amount": {
            "type": "double"
        },
        "currency": {
            "type": "keyword"
        }
    }
}

Answered on 2020-12-12T21:39:57.367
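An added example (not from the answer above or from WSO2/Elasticsearch) of the two checks this answer implies: rendering a Siddhi `eventTimestamp()` long into the `date` format of that mapping and packing a location into a `geo_point`, plus comparing the live `_mapping` properties against the expected types before creating a Kibana index pattern. The field names `lat`/`lon` in the incoming event are assumptions.

```python
from datetime import datetime, timezone

# Field types from the manually prepared mapping in the answer above.
EXPECTED_TYPES = {
    "timestamp": "date",
    "creditCardNo": "keyword",
    "suspiciousTrader": "keyword",
    "coordinates": "geo_point",
    "amount": "double",
    "currency": "keyword",
}


def format_es_timestamp(epoch_millis: int) -> str:
    """Render an epoch-millisecond value (what Siddhi's eventTimestamp() yields)
    in the mapping's date format "yyyy-MM-dd HH:mm:ss", interpreted as UTC."""
    ts = datetime.fromtimestamp(epoch_millis / 1000, tz=timezone.utc)
    return ts.strftime("%Y-%m-%d %H:%M:%S")


def build_fraud_doc(event: dict) -> dict:
    """Turn a flat event (assumed keys lat/lon for the location) into a document
    matching the mapping, so Elasticsearch stores a date and a geo_point instead
    of dynamically mapping a long and two unrelated doubles."""
    return {
        "timestamp": format_es_timestamp(int(event["timestamp"])),
        "creditCardNo": str(event["creditCardNo"]),
        "suspiciousTrader": str(event["suspiciousTrader"]),
        "coordinates": {"lat": float(event["lat"]), "lon": float(event["lon"])},
        "amount": float(event["amount"]),
        "currency": str(event["currency"]),
    }


def mapping_mismatches(actual_properties: dict, expected: dict = EXPECTED_TYPES) -> dict:
    """Compare the 'properties' section of a GET /frauds/_mapping response with the
    expected types. Returns {field: (expected, actual)} for each field that is missing
    or mapped to another type; an empty dict means Kibana will see a date field."""
    bad = {}
    for field, want in expected.items():
        got = actual_properties.get(field, {}).get("type")
        if got != want:
            bad[field] = (want, got)
    return bad


if __name__ == "__main__":
    # Constructed: what dynamic mapping looks like when Siddhi writes the long first.
    dynamic = {"timestamp": {"type": "long"}, "creditCardNo": {"type": "text"}}
    print(mapping_mismatches(dynamic))
```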
I ran into the same problem at step 2 when trying to create the index pattern.

My Logstash template looks like this:

input {
  beats {
    port => 5044
    host => "0.0.0.0"
  }
}

filter {

  json {
    source => "message"
  }

  mutate {
    convert => {
      "startTime" => string
    }
  }
 
 date {
    match => [ "startTime" , "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'" ]
    timezone => "UTC"
    target => "@timestamp"
 }

 mutate {
    remove_field => [ "startTime", "@version", "tags", "message", "ecs", "agent", "input", "host" ]
  }
}

output {
  elasticsearch {
    hosts => "${es_host}"
    user => "${es_user}"
    password => "${es_pwd}"
    index => "xxx-development-%{+YYYY.MM.dd}"
    ilm_enabled => true
    ilm_rollover_alias => "xxx-development"
    ilm_policy => "xxx-development"
  }
}

A sample log message collected by Filebeat looks like this:

{"startTime":"2021-12-02T05:56:04.696Z","level":"FATAL","serviceName":"ABC","pid":3674,"logId":"App Unhandled Rejection","data":"blah" ,"ServicePid":3674}}}

My index template has:

"properties": {
        "@timestamp": {
          "type": "date"
        },

I don't know what else I can check to make this work.

Answered on 2022-01-04T05:04:58.737