ElasticSearch6.X版本自动添加时间戳

需求：根据时间提取es数据
解决：为es的记录添加时间戳

1、方法

配置时间戳 pipeline

PUT _ingest/pipeline/my_timestamp_pipeline
{
  "description": "Adds a field to a document with the time of ingestion",
  "processors": [
    {
      "set": {
        "field": "@timestamp",
        "value": "{{_ingest.timestamp}}"
      }
    }
  ]
}

2、添加索引

#先创建索引
#语法：PUT /索引名
PUT /transactionmonitor-2021.12.15
{
    "settings": {
        "index": {
            "number_of_shards": 1,
            "number_of_replicas": 0
        }
    }
}

#在设置字段类型（es6.x版本）
#语法：PUT /索引库名/_mapping/类型名称
PUT /transactionmonitor-2021.12.15/_mapping/doc
{
    "properties": {
        "code": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "costTime": {
            "type": "long"
        }, 
        "endTime": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "host": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "isSuccess": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "isSyn": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "serviceName": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "startTime": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }, 
        "transCode": {
            "type": "text", 
            "fields": {
                "keyword": {
                    "type": "keyword"
                }
            }
        }
    }
}

3、使用时间戳(添加数据)

POST /transactionmonitor-2021.12.15/doc?pipeline=my_timestamp_pipeline

POST /transactionmonitor-2021.12.15/doc?pipeline=my_timestamp_pipeline
{
    "msg": null, 
    "isSyn": "true", 
    "code": "0", 
    "serviceName": "wfservice",
    "costTime": 62, 
    "host": "127.0.0.1:8080", 
    "startTime": "2021-11-21 00:00:36.593", 
    "transCode": "GG02I023", 
    "endTime": "2021-11-21 00:00:36.655", 
    "isSuccess": "Y"
}

4、查询验证结果

GET /transactionmonitor-2021.12.15/doc/_search
{"query": {"match_all": {}}}
 
返回结果
{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "transactionmonitor-2021.12.15",
        "_type": "doc",
        "_id": "gLEDvX0BdLj7MTacoc1Y",
        "_score": 1,
        "_source": {
          "msg": null,
          "isSyn": "true",
          "code": "0",
          "serviceName": "wfservice",
          "@timestamp": "2021-12-15T07:34:31.496Z",
          "costTime": 62,
          "host": "127.0.0.1:8080",
          "startTime": "2021-11-21 00:00:36.593",
          "transCode": "GG02I023",
          "endTime": "2021-11-21 00:00:36.655",
          "isSuccess": "Y"
        }
      }
    ]
  }
}

自动为数据添加上了@timestamp时间戳字段