简体   繁体   中英

How do you extract a time stamp using logstash and grok?

I'm trying to extract a timestamp using TIME from grok in logstash, but the extraction is unsucessful.

I'm using a grok pattern, but it is not matching or returning anything.

2019-07-30 14:12:23 - main - INFO - metro crawler completed runtime:00:00:02

%{TIMESTAMP_ISO8601:timestamp}%{GREEDYDATA}-%{SPACE}%{GREEDYDATA:crawler}%{SPACE}-%{SPACE}%{LOGLEVEL:level}%{TIME:time}

I'm getting no matches

You may use

%{TIMESTAMP_ISO8601:timestamp}%{SPACE}-%{SPACE}%{DATA:crawler}%{SPACE}-%{SPACE}%{LOGLEVEL:level}%{DATA}%{TIME:time}

See the debug output:

{
  "timestamp": [
    [
      "2019-07-30 14:12:23"
    ]
  ],
  "crawler": [
    [
      "__main__"
    ]
  ],
  "level": [
    [
      "INFO"
    ]
  ],
  "time": [
    [
      "00:00:02"
    ]
  ]
}

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM