我有这个日志文件,我希望通过logstash将其值插入到elasticsearch中。我想写一个.conf文件。如果按原样插入,则以“14 / Nov / 2014 08:56:23”的形式的日期属性被读作字符串。我想格式化它,以便它被读作日期。我想只在logstash .conf文件中进行更改。我该怎么办呢?此外,是否可以将该日期设置为时间戳??
我的配置文件文件如下所示:
input {
file {
path => "/home/sagnik/NGINX\ LOGS/access.log.4"
start_position => beginning
}
}
filter {
if [path] =~ "access" {
mutate { replace => { "type" => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
host => localhost
}
stdout { codec => rubydebug }
}
我的日志就像:
192.168.3.33 - - [14/Nov/2014:04:03:01 +0530] "GET /static/img/erecharge/datacard_2.png HTTP/1.1" 200 12892 "http://ph.kuchvi.com/agent?action1=TRSRC&country=JV&productType=MOBILE" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36" "203.111.224.53, 23.76.205.89"
我以字符串格式
获取日期