The below one is my json and fetch the date from the body and convert to logstash timestamp.
"Mar 1 04:57:10" date should come as a @timestamp.
{
"host" => "vc2cm.com",
"@version" => "1",
"location" => "MMK",
"body": "Mar 1 04:57:10 adinfo[19530]: INFO base.nocachemode Disabling the agent directory cache\n",
}
Please help me.
Use the grok filter to parse the contents of the body field and extract the timestamp to a separate field, then use a date filter to parse the timestamp string into the @timestamp field. What you have is close to the syslog example here: https://www.elastic.co/guide/en/logstash/current/config-examples.html#_processing_syslog_messages
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.