Custom pattern problems in the grok filter


(Simon Risberg) #1

Hi!

I'm currently using two different custom patterns that I've made in my Logstash config. One pattern serves the purpose of filtering out a certain word in a file path in the event message in every log, taking out that particular word and turning it into a field. The other custom pattern serves the purpose of creating my own timestamp based on the date stated in every event in the log file and then populating the standard @timestamp field.

This partly works, although the second custom pattern doesn't care about the events where the particular word from the first custom pattern exists. So, to clear this up: where the first custom pattern is a match, Logstash automatically skips the second pattern. How do I fix this? Below you'll find my Logstash configuration file.

    input {
      syslog {
        port => 5514
        codec => "json"
      }
      file {
        path => "/var/externallogs_maven/data"
        type => "nexus-log"
        start_position => "beginning"
      }
    }
    filter {
      grok {
        type => "nexus-log"
        match => [
          "message", "\b\w+\b\s/nexus/content/repositories/(?<repositories>[^/]+)",
          "message", "(?<mytimestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE})"
        ]
      }
      date {
        match => ["mytimestamp", "dd/MMM/YYYY:HH:mm:ss Z"]
      }
    }
    output {
      elasticsearch {
        host => es
        port => 9300
        cluster => "elkjepp"
        protocol => "transport"
      }
      stdout { codec => rubydebug }
    }

(Magnus Bäck) #2

For the record, this was sorted out here:


(system) #3
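
The behaviour described in post #1 matches grok's `break_on_match` option, which defaults to `true` and makes the filter stop at the first pattern that matches. The following is an added example, not part of the original thread and not necessarily the resolution the thread links to; it shows the same filter block with that option turned off so both patterns are applied to every event:

```logstash
filter {
  grok {
    type => "nexus-log"

    # Default is true: grok finishes after the first pattern that matches,
    # so events containing a repository path never reach the timestamp
    # pattern and keep the ingest time in @timestamp.
    break_on_match => false

    # Patterns are unchanged from the configuration in post #1.
    match => [
      "message", "\b\w+\b\s/nexus/content/repositories/(?<repositories>[^/]+)",
      "message", "(?<mytimestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE})"
    ]
  }

  # Unchanged: sets @timestamp from the extracted field. Events without
  # mytimestamp pass through this filter untouched.
  date {
    match => ["mytimestamp", "dd/MMM/YYYY:HH:mm:ss Z"]
  }
}
```

To check the result, look at the `rubydebug` output on stdout: events that carry a `repositories` field should now also carry `mytimestamp`, with `@timestamp` taken from the log line rather than from the time of ingestion.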