How mapping data without separator

Elastic Stack Logstash
1

hi, can i mapping some data without separator ?
date+time mac etc etc etc ... something like this:

2017-04-03T23:56:37+02:00 xx-xx-xx-xx-xx-xx portal.sh[527] seq=20515 msec=580 Trace Setup proxy: (null) for url: http://dmd:8765/get_message

i try load this data with logstash from etc.log-> sudo ./logstash -f /etc/etc , but i dont know how. when i try load some data with separator i use somethnig like this and it

input {
file {
path => "/ppoe/stock.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => ["APDC","UserName","AccStartTime","AccStopTime","SessionTime",$
}

date {
match => ["AccStartTime", "dd.MM.yyyy hh:mm"]
target => "Date"
}

or how can i load this data to visualize in kibana
thanks

2

A grok filter would probably be a better fit if the data looks like above.

1 Like
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.