Hi there
I have an issue with this log line:
```
[2020-02-19 09:42:01.514] [Value1] [value2] [value3] [Value5] [Value6] [Value7]
```

```
grok {
  match => { "message" => "\[%{TIMESTAMP_ISO8601:logDate}\] \[%{DATA:core}\] \[%{WORD:serveur}\] \[%{WORD:Categorie}\] \[%{WORD:Type}\] \[%{WORD:entry}\] \[%{WORD:importance}\] \[%{DATA:Classe}\]" }
  overwrite => [ "message" ]
}
date {
  match => [ "logDate", "yyyy/MM/dd HH:mm:ss.SSS" ]
}
```
The logDate is in String type but I want to use it as @timestamp in Elasticsearch.
How can I get it to work?
Thanks for any help.
Hi
Your `date{}` pattern ("yyyy/MM/dd HH:mm:ss.SSS") doesn't seem to match the content of logDate (2020-02-19 09:42:01.514), so your `date{}` filter is not working (https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html).
Hope this helps.
I updated the date filter and I still have logDate as a string in Elasticsearch.

```
match => [ "logDate", "yyyy-MM-dd HH:mm:ss.SSS" ]
```
Thanks for the help
Hi
As you have seen in the documentation I linked, the default target for the `date{}` filter is `@timestamp`. You should add `target => "logDate"` to your `date{}` filter to change the default.
Hope this helps.
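The two fixes from this thread combined into one pipeline, as an added example that is not part of the original posts: the first `date{}` sets `@timestamp` from the log line, the second converts `logDate` itself into a date. The shortened grok pattern, the `rest` field, the `UTC` time zone and the stdin/stdout plugins are assumptions made so the file can be tried locally.

```logstash
# Try it with: bin/logstash -f date-example.conf   (file name is a placeholder)
# then paste the constructed sample line:
# [2020-02-19 09:42:01.514] [Value1] [value2] [value3] [Value5] [Value6] [Value7]
input { stdin {} }

filter {
  grok {
    # Literal square brackets are escaped; the remaining groups go to "rest" (assumed field).
    match => { "message" => "\[%{TIMESTAMP_ISO8601:logDate}\] \[%{DATA:core}\] \[%{WORD:serveur}\] %{GREEDYDATA:rest}" }
  }

  # 1) Event time: the default target of date{} is @timestamp.
  date {
    # The pattern has to mirror the text exactly: dashes, one space, milliseconds.
    match    => [ "logDate", "yyyy-MM-dd HH:mm:ss.SSS" ]
    # The log line carries no offset. Assumption: the source writes UTC.
    # Without this option the Logstash host's own time zone is applied.
    timezone => "UTC"
  }

  # 2) Same parse, written back into logDate so the field is sent as a date, not a string.
  date {
    match    => [ "logDate", "yyyy-MM-dd HH:mm:ss.SSS" ]
    timezone => "UTC"
    target   => "logDate"
  }

  # A pattern that does not match (for example "yyyy/MM/dd HH:mm:ss.SSS") leaves
  # logDate untouched and adds the tag "_dateparsefailure", so mark those events.
  if "_dateparsefailure" in [tags] {
    mutate { add_field => { "time_source" => "ingest" } }
  } else {
    mutate { add_field => { "time_source" => "log" } }
  }
}

output { stdout { codec => rubydebug } }
```

Events with `time_source` set to `ingest` carry the time Logstash received them, not the time the application logged them, which matters when correlating logs across hosts. If an existing index already mapped `logDate` as text, that mapping stays until a new index is created or the data is reindexed.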
Great!!! Many thanks, it works as expected.