crisx
Reputation: 33
Replace date from message to @timestamp in Logstash
I have this log http://wklej.org/id/2777228/ and i want date from this log to be timestamp. My config file:
But thid ont work. http://wklej.org/id/2777230/
Upvotes: 0
Views: 380
Answers (1)
Mrunal Pagnis
Reputation: 809
This is what I tried and it worked for me:
filter {
grok{
match => {"message" => "%{TIMESTAMP_ISO8601:myTimestamp}"}
}
date {
locale => "en"
match => ["myTimestamp", "YYYY-MM-dd HH:mm:ss,SSS", "ISO8601"]
timezone => "Europe/Warsaw"
add_field => { "debug" => "timestampMatched"}
}
}
Output:
"_source": {
"message": "2016-08-03 10:19:44,503 [DEBUG] NHibernate.SQL: SELECT this_.ID as ID6_0_, this_.Valor as Valor6_0_, this_.ANALYTIC_DATA_ID as ANALYTIC3",
"@version": "1",
"@timestamp": "2016-08-03T08:19:44.503Z",
"host": "RST-Mrunal",
"myTimestamp": "2016-08-03 10:19:44,503",
"debug": "timestampMatched"
}
Hope it helps!
Upvotes: 1
Related Questions
- Replace @timestamp in logstash
- Logstash Grok Modifying and overwriting @timestamp
- Using log timestamp as @timestamp in elasticsearch
- Logstash replace @timestamp with syslog date
- Logstash: Replacing timestamp from message not working
- Writing to @timestamp in LogStash
- Update @timetamp field in logstash with custom timestamp value
- How to modify @timestamp with an entry in logs using logstash
- Logstash filter timestamp from log message
- Logstash converting date to valid joda time (@timestamp)