Hi, I have been trying to replace my @timestamps from my syslog.
Have used this example:
I really don't understand why it's not working!
I looked at this topic:
And @magnusbaeck gave the following test to the OP to try:
echo '2017/20/01 13:53:35' | logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } } filter { date { match => [ "message", "YYYY/dd/MM HH:mm:ss" ] } }'
which works on my system.
When I do a similar thing with the example:
echo 'Jun 30 12:36:24' | ./logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } } filter { date { match => [ "message", "MMM dd HH:mm:ss" ] } }'
I get the following error:
[2019-07-01T11:40:33,429][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
/home/linux/Downloads/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
    "@version" => "1",
    "@timestamp" => 2019-07-01T01:40:32.830Z,
    "tags" => [
        [0] "_dateparsefailure"
    ],
    "host" => "LINUX",
    "message" => "Jun 30 12:36:24"
}
Why is that?
Thanks for any help