Assume the date is current date if there is no date in log

alex88 · November 10, 2016, 7:54am

I have log:
08:42:21.706 [qtp1335954408-120] DEBUG i.s.client.http.JestHttpClient - POST method created based

It contains just time I need to add month and day . How can i do it with logstash filters?

magnusbaeck · November 10, 2016, 8:26am

You'll have to use a ruby filter for this. Use Ruby's standard date and time functions to add the date in the field where you currently have the time

alex88 · November 10, 2016, 8:55am

Can you please provide some example?

magnusbaeck · November 10, 2016, 9:27am

What part are you having trouble with, specifically? There are plenty of ruby filter examples out there.

alex88 · November 10, 2016, 10:17am

I have grok filter to parse this log

if [type] == "neo4j" {
grok {
match => [
"message", "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:severity} %{GREEDYDATA:message}",
"message", "%{TIME:timestamp} %{SYSLOG5424SD:data} %{LOGLEVEL:severity} %{GREEDYDATA:message}" ]
}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

but I got only time (because log has only time) How I can add day and month here?
thanks for reply magnusbaeck

system · December 8, 2016, 10:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date parsing log without date in it Logstash	4	1809	July 6, 2017
Time without a date field Logstash	4	5670	July 6, 2017
I want to add a date column to my logstash with a date i choose not a timestamp hellpp Logstash	4	301	March 24, 2020
Why i can't add a date field Logstash	11	1044	May 14, 2018
Logstah date help Logstash	7	829	January 17, 2017

Assume the date is current date if there is no date in log

Related topics