0
PUT _xpack/watcher/watch/log_error_watch
{
"trigger": {
"schedule": {
"interval": "10s"
}
},
"input": {
"search": {
"request": {
"indices": [
"filebeat-2017.01.02"
],
"body": {
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"query": {
"range": {
"offset": {
"gte": 1000,
"lte": 2000
}
},
"match": {
"source": "/var/log/apache2/access.log"
}
},
"size": 5
}
}
}
}
}
[oemjJvmGcMonitorService] [HJ-test156] [GC] [11042]開銷,花費[701ms]在最後[1S] [2017-01-02T15收集:32:04311 ] [錯誤] [oexwisExecutableSimpleInput] [hj-test156]未能執行手錶[log_error_watch]的[搜索]輸入,原因[[範圍]格式錯誤的查詢,預計[END_OBJECT],但找到[FIELD_NAME]]Elasticearch觀察者誤差範圍
謝謝。我如何與日期做同樣的事情。我如何選擇格式爲「@timestamp」的日期範圍:「2017-01-02T05:23:34.731Z」 –