HELP! I want to split date using split filter


(Levi Irwansyah Munthe) #1

2018-08-28 08:08:05 172.168.0.100 GET / - 80 - 66.249.71.153 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - 200 0 0 13453

Filter.

filter {

  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:date} %{IP:client} %{WORD:method} %{GREEDYDATA:request} %{NUMBER:port} - %{IP:ip} %{WORD:agent}/%{NUMBER:version}%{GREEDYDATA:refere} %{NUMBER:statuscode} %{NUMBER:substatus} %{NUMBER:winstatus} %{NUMBER:duration}"}
  }

  geoip {
    source => "ip"
  }

  date {
    match => ["date" , "yyyy-MM-dd HH:mm:ss"]
    target => "date"
  }

  split {
    field => "date"
    add_field => {"[month]" => "%{+M}"}
    add_field => {"[day]" => "%{+d}"}
    add_field => {"[hour]" => "%{+H}"}
  }
}

Hello, I want to know if Logstash can split the date into year, month, day and hour, but from the message, not by converting it with the date filter function, because the date often does not match because the timezone is different.
I want to split the date 2018-08-28 08:08:05 into date: 2018-08-28 08:08:05, Y: 2018, M: 08, D: 28, H: 08, Minute: 08, S: 05, like this. Can we use the split filter to split it? Thanks
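
An added example, not part of the original post: one way to take the parts straight from the message text is to nest the stock grok patterns `YEAR`, `MONTHNUM`, `MONTHDAY`, `HOUR`, `MINUTE` and `SECOND` inside the `date` capture, so no date filter and no timezone conversion is involved and the values stay the strings that appear in the log line. The field names `year`, `month`, `day`, `hour`, `minute` and `second`, the `_iis_grok_failure` tag and the generator/stdout harness are assumptions; the rest of the pattern is the one from the post.

```logstash
# Added example: runs the sample line from the post through the filter once.
input {
  generator {
    lines => ["2018-08-28 08:08:05 172.168.0.100 GET / - 80 - 66.249.71.153 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) - 200 0 0 13453"]
    count => 1
  }
}

filter {
  grok {
    # The outer (?<date>...) keeps the full timestamp text; the nested
    # captures pull each part out of the same text, leading zeros included.
    match => { "message" => "(?<date>%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} %{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second}) %{IP:client} %{WORD:method} %{GREEDYDATA:request} %{NUMBER:port} - %{IP:ip} %{WORD:agent}/%{NUMBER:version}%{GREEDYDATA:refere} %{NUMBER:statuscode} %{NUMBER:substatus} %{NUMBER:winstatus} %{NUMBER:duration}" }
    # Lines that do not match are tagged instead of passing through silently.
    tag_on_failure => ["_iis_grok_failure"]
  }
}

output {
  # Expected fields for the sample line: date "2018-08-28 08:08:05",
  # year "2018", month "08", day "28", hour "08", minute "08", second "05".
  stdout { codec => rubydebug }
}
```

The split filter turns one event into several events, one per element of a field, so it does not break a string into separate fields. The `%{+M}` style references format the event's `@timestamp`, which is stored in UTC, rather than the text captured from the message.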

