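Logs from previous days are stored with the date as the file extension. Please refer to the picture of the place where the logs are stored.
Please find below the code I wrote in the configuration file.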
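input {
  file {
    # Read one dated Elasticsearch log file
    path => "D:/elasticsearch-2.3.3/logs/elasticsearch.log.2016-08-24"
    # Read from the start of the file; only applies to files Logstash has not tracked before
    start_position => "beginning"
  }
}
filter {
  date {
    # Parse the "timestamp" field with this pattern and use it as the event's @timestamp
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  # Print each event to the console for debugging
  stdout { codec => rubydebug }
  # Index each event into the local Elasticsearch node
  elasticsearch { hosts => ["localhost:9200"] }
}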