Logstash filter timestamp from a log message

Question

Logstash filter timestamp from a log message

I follow the Logstash tutorial and create the following configuration file for test purposes:

input {
  file {
    path => "C:\Dev\sample.log"
    start_position => beginning
  }
}
filter{
    date {
        match => [ "logdate", "YYYY-MM-dd HH:mm:ss,SSS" ]
    }
}
output {
  elasticsearch { host => localhost
                  index => "test"
                }
  stdout { codec => rubydebug }
}

However, the only fields that are displayed are: "message", "@ version", "@timestamp", "host" and "Path".

No "logdate". I searched for a while, and I saw that people having the same problem were setting the wrong date format, but I checked mine with "Joda-Time" as recommended by the Logstash tutorial. Thank you for your help.

+4

timestamp logging elasticsearch logstash

Jenninha May 19 '14 at 14:37

source share

2 answers

, logstash, :

- . regex, . : " - " .. , , ( ). .

, , grok , , .

+1

shmish111 19 '14 17:02

Jenninha · Accepted Answer · 2014-05-19T16:37:53+0000

I managed to get the result that I was looking for by doing the following:

    input {
  file {
    path => "C:\Dev\sample.log"
    start_position => beginning
  }
}
filter{
    grok {
       match => [ "message", "%{TIMESTAMP_ISO8601:logdate}" ]
    }       
    date {
        match => [ "logdate", "YYYY-MM-dd HH:mm:ss,SSS"]
    }
}
output {
  elasticsearch { host => localhost
                  index => "test"
                }
  stdout { codec => rubydebug }
}

, , , - . , ( ) ( ) ? , - - . !

Logstash filter timestamp from a log message

More articles: