[日志处理工作之四]从flume采集的event中提取能被kibana识别的时间戳 and 对比flume与logstash

1.extract timestamp field from events

use org.apache.flume.interceptor.RegexExtractorInterceptorMillisSerializer as the i1 interceptor's serializer

agent.sources.source1.interceptors.i1.type=regex_extractor

agent.sources.source1.interceptors.i1.regex =(\\d\\d\\d\\d-\\d\\d-\\d\\d-\\d\\d.\\d\\d.\\d\\d).\\d\\d\\d\\d\\d\\d[+]\\d\\d\\d\\s+

agent.sources.source1.interceptors.i1.serializers=s1

agent.sources.source1.interceptors.i1.serializers.s1.name=timestamp

agent.sources.source1.interceptors.i1.serializers.s1.type=org.apache.flume.interceptor.RegexExtractorInterceptorMillisSerializer

agent.sources.source1.interceptors.i1.serializers.s1.pattern=yyyy-MM-dd-HH.mm.ss

2. the comparation betwwen flume and logstash refer to Links document

贴上文档的截图吧