How to display error messages or syslogs message date wise

geetika-06 · August 1, 2018, 7:42am

Hi
as i want to display my syslogs or error messages in kibana "discover page" as group wise and it should be grouped on the basis of date but in kibana it shows logs of eg. apache as date hours mins and sec eg August 1st 2018 11:23:34 ?.
Below is the logstash filter config file.

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d", "MMM dd" ]
}
}
}

I am new to kibana please help to solve this.

magnusbaeck · August 2, 2018, 6:32am

as i want to display my syslogs or error messages in kibana "discover page" as group wise and it should be grouped on the basis of date

I don't understand what you mean by this.

but in kibana it shows logs of eg. apache as date hours mins and sec eg August 1st 2018 11:23:34 ?.

Kibana's date format is configurable. If you look at the JSON tab of the Discovery view you'll see what the @timestamp field actually contains.

system · August 30, 2018, 6:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.