我的logstash conf.file是这样的:
input {
udp {
port => 12345
codec => "json"
type => "logback"
}
}
filter {
grok {
match => {
"message" => ".*(?<timestamp>\d{14}\.\d{4}[+-]\d{4})\d\d$"
}
}
date {
match => ["timestamp", "YYYY-MM-dd HH-mm"]
remove_field => ["timestamp"]
}
}
output {
file {
codec => line {format => "[%{@timestamp}] %{appname} [%{level}] [%{host}] --> %{[message]}"}
path => "app.log"
flush_interval => 10
}
}
因此,代替我的过滤器,时间戳输出具有以下格式:
[2018-08-23T07:25:36.485Z]
我也得到了 [“ _ grokparsefailure”] ,但不知道为什么