like this
/home/api/log/20181205/20181205_152840.log
I want "20181205" can out put date field in logstash.
The file name is forwarded in the source field to Logstash. You can use grok/dissect to extract it. Not sure if date filter can parse it in Logstash. At worst you will have to use the ruby filter.
I set this ,but can't have data.
grok {
match => {
"source" => "%{GREEDYDATA:sth1}/%{YEAR}%{MONTHNUM}%{MONTHDAY}%/{GREEDYDATA:sth2}"
}
}
Better store the date in a field. Plus, it seems you have a syntax error in the last section.
e.g. capturing complete date into a field named ts:
grok {
match => {
"source" => "%{GREEDYDATA:sth1}/%{PATH_TS:ts}/%{GREEDYDATA:sth2}"
}
pattern_definitions => {
"PATH_TS" => "%{YEAR}%{MONTHNUM}%{MONTHDAY}"
}
}
This gets you the fields sth1, ts, and sth2. You still must transform the ts field to a date.
thanks,but 'ts' can't not get data, I use 'dissect', it work now.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.