如何将系统日志日期格式化为Logstash日期时间戳格式

时间:2019-07-10 13:01:41

标签: elasticsearch logstash kibana elastic-stack logstash-grok

我正在尝试将syslog日期格式转换为kibana可以识别的日期时间戳,因为一旦将日志处理为弹性搜索,该格式便始终显示为字符串。

这是我到目前为止尝试过的

input {
    file {
        path => "C:/Elasitcity/File Destination/logs2/*.*"
        start_position => "beginning"
        sincedb_path => "NUL"
         }
      }


filter {
        grok { 
            match => {"message" =>"%{SYSLOGTIMESTAMP:logstamp}.*POST for %{URIPATH:ServiceURI}"}
             }

         date {
    match => [ "logstamp", "MMM dd HH:mm:ss" ]

                       }    
             }
output  {
    elasticsearch {
                    hosts => "localhost"
                    index => "nextgen2" 
                    document_type => "netboading"
              }
            stdout {}
        }

我正在尝试从下面的该日志中提取日期

Jun 12 04:27:35 1560306455 INCOMING: information 22.244.42.41 Jun 12 04:27:22 DPPRD01 [host_services][0x80e0013a][mpgw][info] source-https(IMS_SSL_29982): trans(2797190703)[12.6.1.16]: Received HTTP/1.1 POST for /services/NHgetInternetLimitsV1 from 10.6.17.166

我只是在尝试进行弹性搜索,以将logstamp确认为kibana可用于仪表板目的的时间戳。

1 个答案:

答案 0 :(得分:1)

我认为您需要这样设置目标:

date{
  match => ["logstamp", "MMM dd HH:mm:ss", "ISO8601"]
  timezone => "Europe/Berlin"
  target => "@timestamp"
}