Get the right timestamp for old log files

simonrisberg · July 24, 2015, 9:47am

input {
  syslog {
    port => 5514
    codec => "json"
  }
  file {
    path => "/var/externallogs_maven/data"
    type => "nexus-log"
    start_position => "beginning"
  }
}
filter {

   grok {

     type => "nexus-log"

     match => [
        "message", "\b\w+\b\s/nexus/content/repositories/(?<repositories>[^/]+)",
        "message", "(?<mytimestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE})"

      ]
   }
   date{
      match => ["mytimestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]

   }

}
output {


  elasticsearch{
    host => es
    port => 9300
    cluster => "elkjepp"
    protocol => "transport"
 }
 stdout { codec => rubydebug }
}

Topic		Replies	Views
Simple question about timestamp in logs Kibana	4	219	April 9, 2023
Timestamp => @timestamp Logstash	17	4043	June 14, 2017
Yet another @timestamp log file trouble... but it should be easy! Logstash	34	11542	July 6, 2017
Change @timestamp to time from actual log file Logstash	6	1724	October 9, 2017
Logstash timestamp - not reading timestamp from log files Logstash	5	1737	July 6, 2017

Get the right timestamp for old log files

Related Topics