Date Filtering from a Text File

ash.vaidya94 · August 12, 2016, 7:54am

Hi,

My text file reads something like -

03 Aug 2016 05:55:38,759|INFO |snjcprddex36|DataElt|||||03 Aug 2016 05:55:38,759|INFO |snjcprddex36|DataElt|||||OUT_OF_SCOPE

Is there any way I can manually filter the date and time and create a separate field?

Thanks

purbon · August 12, 2016, 8:16am

HI,
yes, in logstash you can use this collection of filters to get what you aim for:

Use the split filter to break you line in fields, your delimiter here is clearly the | character, isn't?
After that you have an event with multiple fields, one per each bucket result of the splitting.
Now you can use the date filter with the datetime field and parse them.

For exact documentation I've link each filter documentation for you.

Hope it helps,

purbon

magnusbaeck · August 12, 2016, 10:46am

It's not entirely clear to me if the example above is a single line that should be split into multiple events, a single line with a single event, or two lines that should result in two events.

Use the split filter to break you line in fields, your delimiter here is clearly the | character, isn't?

The split filter splits a field into multiple events. You probably meant the mutate filter's split option, but I think the csv filter would be a better match.

purbon · August 12, 2016, 11:22am

@magnusbaeck you're right, the event line is a bit confusing, I agree using CSV filter here will work, apologies if the message has understood as misleading.

Topic		Replies	Views
How to use split filter on the field using logstash Logstash	5	6149	March 27, 2019
Date filter - how to parse separately grokked DATE and TIME Logstash	3	446	November 7, 2019
Simple parsing in logstash Logstash	8	530	April 6, 2017
How can I use the date filter (match) with many fields Logstash	4	1577	May 1, 2018
Logstash : Time Field Logstash	10	2477	February 5, 2018

Date Filtering from a Text File

Related topics