I am trying to convert the syslog date format into a date/time stamp that Kibana can recognise, because once the logs are processed into Elasticsearch the field always shows up as a string.
This is what I have tried so far:
input {
  file {
    path => "C:/Elasitcity/File Destination/logs2/*.*"
    start_position => "beginning"
    # "NUL" disables the sincedb on Windows, so the files are re-read on every run
    sincedb_path => "NUL"
  }
}
filter {
  grok {
    # SYSLOGTIMESTAMP captures the leading "Jun 12 04:27:35" (no year, no zone) into logstamp
    match => { "message" => "%{SYSLOGTIMESTAMP:logstamp}.*POST for %{URIPATH:ServiceURI}" }
  }
  date {
    # syslog pads single-digit days with a space ("Jun  2"), so both forms are needed;
    # the missing year is taken to be the current year
    match => [ "logstamp", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss" ]
  }
}
output {
  elasticsearch {
    hosts => "localhost"
    index => "nextgen2"
    # document_type is deprecated; Elasticsearch 7 and later no longer use mapping types
    document_type => "netboading"
  }
  stdout {}
}
I am trying to extract the date from the log line below:
Jun 12 04:27:35 1560306455 INCOMING: information 22.244.42.41 Jun 12 04:27:22 DPPRD01 [host_services][0x80e0013a][mpgw][info] source-https(IMS_SSL_29982): trans(2797190703)[12.6.1.16]: Received HTTP/1.1 POST for /services/NHgetInternetLimitsV1 from 10.6.17.166
I am just trying to get Elasticsearch to recognise logstamp as a timestamp that Kibana can use for dashboard purposes.
Answer 0 (score: 1)
I think you need to set the target like this:
date {
  # accept the syslog form with a two-digit or space-padded single-digit day, and ISO 8601
  match => [ "logstamp", "MMM dd HH:mm:ss", "MMM  d HH:mm:ss", "ISO8601" ]
  # the syslog stamp carries no zone, so say which zone the logger wrote it in
  timezone => "Europe/Berlin"
  # write the parsed value to @timestamp, the field Kibana uses for time-based views
  target => "@timestamp"
}
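To check offline what the grok pattern from the question and the date filter from the answer actually do with this line, here is an added Python example; it is not part of the question or the answer. It assumes the year 2019 (the syslog stamp carries none, and the epoch field on the same line falls in 2019), uses the Europe/Berlin zone the answer picks, and the sample line below is constructed in the shape of the one in the question, with hypothetical hosts and addresses.

```python
import re
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Constructed sample in the shape of the line from the question (hypothetical hosts/IPs).
SAMPLE_LINE = (
    "Jun 12 04:27:35 1560306455 INCOMING: information 22.244.42.41 "
    "Jun 12 04:27:22 DPPRD01 [host_services][0x80e0013a][mpgw][info] "
    "source-https(IMS_SSL_29982): trans(2797190703)[12.6.1.16]: "
    "Received HTTP/1.1 POST for /services/NHgetInternetLimitsV1 from 10.6.17.166"
)

# Regex equivalent of the grok pattern from the question,
#   %{SYSLOGTIMESTAMP:logstamp}.*POST for %{URIPATH:ServiceURI}
# plus a capture of the epoch field that follows the syslog stamp in this line.
# SYSLOGTIMESTAMP is "%{MONTH} +%{MONTHDAY} %{TIME}": one or more spaces before the day.
LINE_RE = re.compile(
    r"^(?P<logstamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<epoch>\d{10}) "
    r".*POST for (?P<ServiceURI>\S+)"
)

# Fallback offsets, used only if this host has no IANA tz database (assumption:
# CEST, UTC+2, is what Europe/Berlin observes on the June date in the sample).
FIXED_OFFSETS = {
    "Europe/Berlin": timezone(timedelta(hours=2), "CEST"),
    "UTC": timezone.utc,
}


def load_tz(tz_name):
    """Resolve an IANA zone name, as the date filter's timezone option does."""
    try:
        return ZoneInfo(tz_name)
    except ZoneInfoNotFoundError:
        return FIXED_OFFSETS[tz_name]


def parse_syslog_timestamp(logstamp, year, tz):
    """Do what the date filter does for "MMM dd HH:mm:ss" / "MMM  d HH:mm:ss".

    The syslog stamp carries no year, so one must be supplied (Logstash assumes
    the current year), and no zone, so the value is interpreted in `tz`.
    """
    # Collapse the padding before a single-digit day ("Jun  2" -> "Jun 2") so one
    # strptime format covers both spellings.
    normalized = " ".join(logstamp.split())
    naive = datetime.strptime(f"{year} {normalized}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=tz)


def parse_line(line, year, tz_name):
    """Return the fields the pipeline would index, or None on a grok failure."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # Logstash would tag the event _grokparsefailure instead
    local = parse_syslog_timestamp(m["logstamp"], year, load_tz(tz_name))
    utc = local.astimezone(timezone.utc)
    epoch = int(m["epoch"])
    return {
        "logstamp": m["logstamp"],
        "ServiceURI": m["ServiceURI"],
        "@timestamp": utc.strftime("%Y-%m-%dT%H:%M:%SZ"),  # what Elasticsearch/Kibana store
        "epoch": epoch,
        # Cross-check against the epoch the logger wrote on the same line: it only
        # agrees when the zone handed to the date filter is the logger's own zone.
        "matches_epoch": int(utc.timestamp()) == epoch,
    }


if __name__ == "__main__":
    for zone in ("Europe/Berlin", "UTC"):
        print(zone, parse_line(SAMPLE_LINE, 2019, zone))
```

Run with the two zones: with Europe/Berlin the indexed value 2019-06-12T02:27:35Z agrees with the epoch 1560306455 that the logger wrote on the same line; with UTC the result is two hours off and still indexes without any error, which is the kind of silent skew a wrong `timezone` setting produces in Kibana. A space-padded day such as "Jun  2" is the case the second "MMM  d HH:mm:ss" pattern exists for; without it the date filter tags those events _dateparsefailure and leaves @timestamp at ingest time.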