Hello,
I'm wondering how I can go about switching between different logs in logstash? For example, I have one log with a time stamp format of "[2/14/18 13:17:40:147 EST]" and another log with a timestamp format of "04:02:09.538 EST". How could I setup my logstash config to switch between these timestamp formats?
A date filter can match against an array of formats. The documentation gives an example of matching against 3 formats.
match => [ "logdate", "MMM dd yyyy HH:mm:ss",
"MMM d yyyy HH:mm:ss", "ISO8601" ]
If I remember correctly EST is ambiguous, so a date filter has no way to interpret it.
This is great, thank you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.