自定义日期时间相同,但在grok日期过滤器logstash中不匹配
[英]Custom date time is same but not matching in grok date filter logstash
问题描述
The input is comma separated values: "2010-08-19","09:12:55","56095675" 
输入为逗号分隔值:“ 2010-08-19”,“ 09:12:55”,“ 56095675”
I created the custom date_time field which appears to right format 2010-08-19;09:12:55 but not matching . 我创建了自定义date_time字段,该字段显示为正确格式2010-08-19;09:12:55 但不匹配 。
filter {
grok {
match => { "message" => '"(%{GREEDYDATA:cust_date})","(%{TIME:cust_time})","(%{NUMBER:author})"'}
add_field => {
"date_time" => "%{cust_date};%{cust_time}"
}
}
date {
match => ["date_time", "yyyy-MM-dd;hh:mm:ss"]
target => "@timestamp"
add_field => { "debug" => "timestampMatched"}
}
Output on Kibana: 在Kibana上的输出:
cust_date August 18th 2010, 20:00:00.000
cust_time 09:12:55
date_time 2010-08-19;09:12:55
message "2010-08-19","09:12:55","56095675"
tags beats_input_codec_plain_applied, _dateparsefailure
It gives _dateparsefailure . 它给出_dateparsefailure 。 The fields appear to be same as match pattern. 这些字段似乎与匹配模式相同。 I tried different time format like YYYY-MM-dd;hh:mm:ss and YYYY-MM-dd;HH:mm:ss What am I doing wrong? 我尝试了其他时间格式,例如YYYY-MM-dd;hh:mm:ss和YYYY-MM-dd;HH:mm:ss我在做什么错? Help! 救命!
1 个解决方案
解决方案1
0 2017-04-10 10:21:22
You should put the date plugin inside the filter section, right under grok . 您应该将date插件放在filter部分的grok下。
filter {
grok {
match => { "message" => '"(%{GREEDYDATA:cust_date})","(%{TIME:cust_time})","(%{NUMBER:author})"'}
add_field => {
"date_time" => "%{cust_date};%{cust_time}"
}
date {
match => ["date_time", "yyyy-MM-dd;hh:mm:ss"]
target => "@timestamp"
add_field => { "debug" => "timestampMatched"}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.