efk/pipelines/monitor-net.json

curl -H "Content-Type: application/json" -X PUT http://127.0.0.1:9200/_ingest/pipeline/monitor-net -d '
{
    "description": "monitor-net",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [
            "^%{MONITOR_TIME:monitor.time} %{DATA:monitor.net.dev} %{NUMBER:monitor.net.rx} %{NUMBER:monitor.net.tx}"
          ],
          "pattern_definitions" : {
            "MONITOR_TIME" : "^20[0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9]"
          },
          "ignore_missing" : true,
          "ignore_failure" : true
        }
      },
      {
        "rename" : {
          "field" : "@timestamp",
          "target_field" : "read_timestamp"
        }
      },
      {
        "date" : {
          "formats" : [
            "YYYY-MM-dd H:m:s"
          ],
          "timezone" : "Asia/Shanghai",
          "field" : "monitor.time",
          "target_field" : "@timestamp",
          "ignore_failure" : true
        }
      },
      {
        "convert": {
          "field": "monitor.net.rx",
          "type": "float"
        }
      },
      {
        "convert": {
          "field": "monitor.net.tx",
          "type": "float"
        }
      },
      {
        "remove": {
          "field": "monitor.time"
        }
      },
      {
        "remove": {
          "field": "message"
        }
      }
    ]
  }'