Conditionals and Dates

Jackal9301 · December 4, 2015, 1:46pm

Issue: I have a lot of different logs coming from 1 source and separate date formats.

Situation:
Hey everyone I have a conditional logstash file that takes a single input and runs multiple conditionals to determine which log file it is and how to parse it. My output is then to put them into Elasticsearch. I have roughly 40 logs i'm parsing therefor the date's of each log are different and different standards. All logs come from a single input with a header. I do an initial GROK to parse the header and put the rest of the data in a separate Log_message field. At this point before the sort to parse each field in the log the date is embedded in Log_message.

Question1: What is the best way to pull the date out of the Log_message and set it as the timestamp field in elastic and kibana?

warkolm · December 5, 2015, 4:53am

I want to say a date filter, but given your complexity I don't think that is what you want?

magnusbaeck · December 5, 2015, 4:29pm

Sounds like exactly what the grok and date filters are for. They both support trying multiple patterns and quitting on the first match they get.

Topic		Replies	Views
Parsing different date formats (difficult) Logstash	9	12878	August 2, 2018
Multiple dates in log file defining the @timestamp date Logstash	6	1098	July 6, 2017
Need help with the grok and the date filter for parsing logs Logstash	29	2720	July 25, 2017
Parse logfile date into Kibana's timestamp Logstash	18	4381	May 10, 2017
Logstash using date filter Logstash	4	3620	November 28, 2017

Conditionals and Dates

Related topics