解析logstash中的日期字段以进行弹性搜索
[英]Parsing a date field in logstash to elastic search
问题描述
I am trying to parse log files from IIS to the ELK stack (Logstash:2.3, Elastic:2.3 and Kibana:4.5, CentOS 7 vm). 
我试图将日志文件从IIS解析到ELK堆栈(Logstash:2.3,Elastic:2.3和Kibana:4.5,CentOS 7 vm)。
I have attempted to parse a date field from the log message as the event timestamp using the date filter below in my logstash configuration: 我试图使用下面的logstash配置中的日期过滤器将日志消息中的日期字段解析为事件时间戳:
date {
match => ["date_timestamp", "yyyy-MM-dd HH:mm:ss"]
timezone => "Europe/London"
locale => "en"
target => "@timestamp"
}
The first few characters of the entire log message that was parsed to Elastic Search is: 解析到Elastic Search的整个日志消息的前几个字符是:
"message": "2016-03-01 03:30:49 .........
The date field above was parsed to Elastic Search as: 上面的日期字段被解析为“弹性搜索”:
"date_timestamp": "16-03-01 03:30:49",
However, the event timestamp that was parsed to Elastic Search using the date filter above is: 但是,使用上述日期过滤器解析为Elastic Search的事件时间戳为:
"@timestamp": "0016-03-01T03:32:04.000Z",
I will like the @timestamp to be exactly 2016-03-01T03:30:49 as I can't immediately figure out why there is a difference between the hours and minutes. 我希望@timestamp恰好是2016-03-01T03:30:49,因为我无法立即弄清楚为什么小时和分钟之间会有差异。
I have looked at similar problems and documentations such as this one on SO and this one on logstash documentation and logstash documentation. 我看过类似的问题和文档,例如SO上的这一问题和Logstash文档和Logstash文档中的这一问题。
Any pointer in the right direction will be appreciated. 任何朝着正确方向的指针将不胜感激。
Regards 问候
SO 所以
1 个解决方案
解决方案1
0 已采纳 2016-04-14 11:45:17
in your date_timestamp you have only 2 characters for year: " 16 -03-01 03:30:49", so the date pattern in your date filter is incorrect, should be: 在date_timestamp ,年份只有2个字符:“ 16 -03-01 03:30:49”,因此date过滤器中的日期格式不正确,应为:
date {
match => ["date_timestamp", "yy-MM-dd HH:mm:ss"]
timezone => "Europe/London"
locale => "en"
target => "@timestamp"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.