04-Oct-2017 14:27:51.457 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.8.0
04-Oct-2017 14:27:51.457 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 3.10.0-327.36.3.el7.x86_64
......
This is the beat multiline option:
multiline.pattern: '^[0-9]{2}-[[:alpha:]]{3}-[0-9]{4}'
multiline.negate: true
multiline.match: after
and it works.
I'm using the following grok pattern to pick the timestamp:
match => ["message", "%{BIND9_TIMESTAMP:timestamp} %{LOGLEVEL:level}"]
....
....
date {
  match => [ "timestamp", "dd-MMM-yyyy HH:mm:ss.SSS" ]
  timezone => "Europe/Rome"
  target => "@timestamp"
}
then I get "@timestamp" => 2017-10-04T12:27:51.457Z, so the problem is not in the grok or the date. If you provide a reproducible example we might be able to diagnose the problem.
Yes, and when I run those 2 lines through the config I included, which seems to me to match the partial config you showed, then the @timestamp on the resulting events is from 4th October, which to me means it worked just fine. How about you show a complete non-working configuration?
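An offline check of the same pipeline, added here as an example and not posted by anyone in the thread: it groups lines the way the multiline settings above do, then converts the Europe/Rome timestamp to UTC as the date filter would. The regexes are simplified stand-ins for the grok patterns, and the SEVERE event with its stack trace is constructed sample input.

```python
import re
from datetime import datetime, timedelta, timezone

try:
    from zoneinfo import ZoneInfo
    ROME = ZoneInfo("Europe/Rome")
except Exception:  # no tz database here: fixed CEST offset, valid for the October sample only
    ROME = timezone(timedelta(hours=2))

# Python spelling of the thread's multiline.pattern ([[:alpha:]] is POSIX-only)
START = re.compile(r"^[0-9]{2}-[A-Za-z]{3}-[0-9]{4}")
# Simplified stand-in for %{BIND9_TIMESTAMP:timestamp} %{LOGLEVEL:level}
HEAD = re.compile(r"^(?P<timestamp>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) (?P<level>[A-Z]+)")

# The first two lines are from the thread; the SEVERE event and its trace are constructed
SAMPLE = [
    "04-Oct-2017 14:27:51.457 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.8.0",
    "04-Oct-2017 14:27:51.457 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 3.10.0-327.36.3.el7.x86_64",
    "04-Oct-2017 14:27:52.001 SEVERE [main] example.Constructed.log Startup failed",
    "    java.lang.IllegalStateException: constructed continuation line",
    "        at example.Constructed.start(Constructed.java:1)",
]

def group_events(lines):
    """negate: true + match: after: a line that does NOT match START joins the event before it."""
    events = []
    for line in lines:
        if START.match(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events

def parse_event(event):
    """Return level and UTC @timestamp, or None where grok would tag _grokparsefailure."""
    m = HEAD.match(event)
    if m is None:
        return None  # no timestamp field, so @timestamp would stay at ingest time
    local = datetime.strptime(m["timestamp"], "%d-%b-%Y %H:%M:%S.%f").replace(tzinfo=ROME)
    utc = local.astimezone(timezone.utc)
    stamp = utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"
    return {"@timestamp": stamp, "level": m["level"], "message": event}

if __name__ == "__main__":
    for ev in group_events(SAMPLE):
        print(parse_event(ev))
```

If an event parses here but still carries the ingest time in Logstash, the cause is likely outside the grok and date settings shown, which is why the complete configuration is needed.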