stackoom
  简体   繁体   中英

Logstash Date Filter

 原文  2014-08-27 09:16:39       elasticsearch/ logstash/ kibana/ grok

Question

I have a log file which has date in following format 

"respHdr":{"date":"Tue,%2008%20Jul%202014%2022:08:18%20GMT","expires":"Tue,%2008%20Jul%202014%2022:08:18%20GMT"}

How to parse the given date format using logstash Date filter?

1 answers

solution1
 1 ACCPTED  2014-08-27 13:30:53

It looks like your log is in JSON format with URLEncoded values in the date field, so the first thing you need to do is add codec=>json to your input , or json { source => message } .

After you have things as events in Logstash, you'll want to decode the date fields: 

urldecode { field => 'respHdr.date' }
urldecode { field => 'respHdr.expires' }

And then finally parse the dates in those fields: 

date {
  target => '@timestamp'
  match => [ 'respHdr.date', 'WHATEVER_FORMAT_THAT_DATE_IS' ]
}
date {
  target => 'expires'
  match => [ 'respHdr.expires', 'WHATEVER_FORMAT_THAT_DATE_IS' ]
}

You'll need to consult logstash date documentation to figure out what format that date is.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question LogStash date filter error Logstash date filter not working Logstash date filter no longer matching Logstash date parsing as timestamp using the date filter Logstash Date filter on special date format create a Grok filter for a specific date pattern in logstash Logstash and ElasticSearch filter Date @timestamp issue Custom date time is same but not matching in grok date filter logstash Date filter in logstash: bad results(shows one day back) Logstash jdbc plugin: how use a date filter for a column?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM