Date config issue and removing GMT


(spectre) #1

Hello All,

I've been asked to find a log storage solution and I found one I love... :)

The install of everything went great with zero errors and my initial imports were working, but the Kibana functionality isn't there due to my horrible import method.

Log Format <netscaler.csv>

Config File

Other Info:
ELK Stack on Ubuntu server, geo-ip plugin, csv filter

The end goal would be to create a view to see dates and times a user logged in for auditing, but I believe the GMT-0500 is affecting this and needs to be removed.

tl;dr: I require assistance with parsing a log so I can show value to my colleagues in using ELK Stack as our logging solution.

Cheers


(Magnus Bäck) #2

The end goal would be to create a view to see dates and times a user logged in for auditing, but I believe the GMT-0500 is affecting this and needs to be removed.

What's the current result that you're getting? What do you expect to get instead?


(spectre) #3

Hey Magnus,

The current result is: [DetectionTime:Thu Jan 4 15:55:58 GMT-0500 2018] and the detection time is a string and not a date.

It will not allow me to choose DetectionTime as a date; my belief is this is due to the GMT-0500 in the DTS.

Cheers


(Magnus Bäck) #4

Seems like the date filter isn't working then. If it fails to parse a timestamp string it'll give clues about where the parsing failed in the Logstash log.
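
An added example, not part of the original thread or the poster's configuration: a Logstash date filter that parses the `DetectionTime` value quoted above without removing `GMT-0500`, and tags events that fail to parse so they can be found. It assumes the csv filter has already placed the raw string in a field named `DetectionTime`; the padded-day pattern and the stdout output are assumptions for illustration.

```logstash
filter {
  # Assumes the csv filter has already put the raw string in [DetectionTime],
  # e.g. "Thu Jan 4 15:55:58 GMT-0500 2018" (the value quoted in the thread).
  date {
    # 'GMT' is single-quoted so it is matched as literal text; Z then
    # consumes the numeric offset (-0500). The second pattern covers a
    # space-padded day of month ("Jan  4"), which is an assumption about
    # how the exporter pads single-digit days.
    match => [
      "DetectionTime",
      "EEE MMM d HH:mm:ss 'GMT'Z yyyy",
      "EEE MMM  d HH:mm:ss 'GMT'Z yyyy"
    ]
    locale => "en"            # day and month names are English
    target => "@timestamp"    # event time becomes the detection time, stored as UTC
    tag_on_failure => ["_dateparsefailure"]
  }
}

output {
  # Print events whose timestamp did not parse, so they are not silently
  # indexed with the ingest time in place of the login time.
  if "_dateparsefailure" in [tags] {
    stdout { codec => rubydebug }
  }
}
```

Because the offset is parsed rather than stripped, the stored value is the correct UTC instant, which matters when login times are used for auditing. If the parsed date is written back to `DetectionTime` instead of `@timestamp`, an index that already mapped that field as a string keeps that mapping, so the change only shows up in a newly created index.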

