I have a big log message and I have to pick up only the IP and timestamp in that message. Will it work? Can anybody help?
msg:
Apr 2 06:34:32 logmessage[213456]: this is log message of the system with an ip:123.456.789.1
I need to pick only the IP and timestamp from this message.
    dissect {
      mapping => { "message" => "%{ts} %{+ts} %{+ts} %{} ip:%{ip}" }
    }
    date {
      match => [ "ts", "MMM d HH:mm:ss" ]
    }
perhaps
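An added example, not part of the original posts and not Logstash's own code: a simplified Python model of how the dissect pattern in the reply above splits the sample line. It also shows, in this model, what happens when the day is padded with an extra space (a constructed sample, handled with dissect's `->` padding modifier) and that the posted address does not parse as an IP. The names `dissect`, `is_valid_ip`, `PADDED` and `SAMPLE_PADDED` are assumptions made for the illustration.

```python
import ipaddress
import re

# Pattern from the reply above; PADDED adds dissect's "->" right-padding modifier.
PATTERN = "%{ts} %{+ts} %{+ts} %{} ip:%{ip}"
PADDED = "%{ts->} %{+ts} %{+ts} %{} ip:%{ip}"
TAIL = " 06:34:32 logmessage[213456]: this is log message of the system with an ip:123.456.789.1"
SAMPLE = "Apr 2" + TAIL          # line as posted in the question
SAMPLE_PADDED = "Apr  2" + TAIL  # constructed: day padded to two columns


def dissect(pattern, line):
    """Simplified model of dissect: split on the literal text between %{...} keys."""
    parts = re.split(r"%\{([^}]*)\}", pattern)  # [literal, key, literal, key, ...]
    if not line.startswith(parts[0]):
        return None
    pos, fields = len(parts[0]), {}
    for key, delim in zip(parts[1::2], parts[2::2]):
        end = line.find(delim, pos) if delim else len(line)
        if end == -1:
            return None  # delimiter not found: the line does not match
        value, pos = line[pos:end], end + len(delim)
        if key.endswith("->"):  # right padding: swallow repeated delimiters
            key = key[:-2]
            while delim and line.startswith(delim, pos):
                pos += len(delim)
        if key.startswith("+"):  # append to an earlier field, joined with a space
            name = key[1:]
            fields[name] = f"{fields[name]} {value}" if name in fields else value
        elif key:  # an empty key, %{}, is a skip field
            fields[key] = value
    return fields


def is_valid_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for pat, line in [(PATTERN, SAMPLE), (PATTERN, SAMPLE_PADDED), (PADDED, SAMPLE_PADDED)]:
        print(pat, "->", dissect(pat, line))
    print("ip parses:", is_valid_ip(dissect(PATTERN, SAMPLE)["ip"]))
```
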