Logstash Grok过滤器自定义日期
[英]Logstash grok filter custom date
问题描述
Im working on writing a logstash grok filter for syslog messages coming from my Synology box. 
我正在为来自Synology框的syslog消息编写一个logstash grok过滤器。 An example message looks like this. 消息示例如下所示。
Jun 3 09:39:29 diskstation Connection user:\tUser [user] logged in from [192.168.1.121] via [DSM].
Im having a hard time filtering out the weirdly formatted timestamp. 我很难过滤掉格式错误的时间戳。 Could anyone give me a helping hand here? 有人可以帮我吗? This is what I have so far. 到目前为止,这就是我所拥有的。
if [type] == "syslog" and [message] =~ "diskstation" {
grok {
match => [ "message", "%{HOSTNAME:hostname} %{WORD:program} %{GREEDYDATA:syslog_message}" ]
}
}
As you can probably tell I havent dealt with the timestamp yet at all. 如您所知,我还没有处理过时间戳。 Some help would be appreciated. 一些帮助,将不胜感激。
1 个解决方案
解决方案1
0 2015-06-03 08:11:39
The following config can help you to parse the log. 以下配置可以帮助您解析日志。
grok {
match => [ "message", "%{SYSLOGTIMESTAMP:date} %{HOSTNAME:hostname} %{WORD:program} %{GREEDYDATA:syslog_message}" ]
}
You can try your log and pattern at here and refer all the provided pattern at here . 您可以试试您的日志和模式在这里 ,并在指所有提供的模式在这里 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.