Apply grok pattern based on the log file path

Rios · June 15, 2023, 4:29pm

Normally the date field should always have: date, time in ms set to UTC. For instance: 2023-06-15T16:44:01.123Z. It's not easy to understand why you have separate date and time. Most likely

Please do next for a single index which you prefer:

Add rubydebug to see how data looks like before ends in ES.

output {
    stdout { codec => rubydebug{} }
  elasticsearch { ...
  }
}

Copy the final grok version for index where data are not parse.
Run LS and copy how data looks originally and parsed in fields where data are not parse.

PS. Sorry for delay.

system · July 13, 2023, 4:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to apply different filters based on particular name of files without using Filebeat Logstash	5	864	July 16, 2019
Apply grok pattern based on logfile name Logstash	11	2226	February 26, 2020
Grok filter on logstash Logstash	5	439	March 30, 2020
Condition on filename in the path Logstash	3	2737	June 21, 2019
Multiple Grok pattern filters arent filtering multiple logs in one logstash file Logstash	8	3586	February 13, 2020

Apply grok pattern based on the log file path

Related topics