Logstash日期过滤器
[英]Logstash Date Filter
问题描述
I have a log file which has date in following format 
我有一个日志文件,其日期具有以下格式
"respHdr":{"date":"Tue,%2008%20Jul%202014%2022:08:18%20GMT","expires":"Tue,%2008%20Jul%202014%2022:08:18%20GMT"}
How to parse the given date format using logstash Date filter? 如何使用logstash日期过滤器解析给定的日期格式?
1 个解决方案
解决方案1
1 已采纳 2014-08-27 13:30:53
It looks like your log is in JSON format with URLEncoded values in the date field, so the first thing you need to do is add codec=>json to your input , or json { source => message } . 看来您的日志是JSON格式的日期字段中带有URLEncoded值,因此您需要做的第一件事是在input添加codec=>json或json { source => message } 。
After you have things as events in Logstash, you'll want to decode the date fields: 在Logstash中将事件作为事件之后,您将需要解码日期字段:
urldecode { field => 'respHdr.date' }
urldecode { field => 'respHdr.expires' }
And then finally parse the dates in those fields: 然后最后解析这些字段中的日期:
date {
target => '@timestamp'
match => [ 'respHdr.date', 'WHATEVER_FORMAT_THAT_DATE_IS' ]
}
date {
target => 'expires'
match => [ 'respHdr.expires', 'WHATEVER_FORMAT_THAT_DATE_IS' ]
}
You'll need to consult logstash date documentation to figure out what format that date is. 您需要查阅logstash日期文档,以了解该日期的格式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.