Hello,
I am using an Ubuntu VM to host the entire ELK stack. I am using Rsyslog to listen for Cisco IOS logs and have successfully managed to output these logs to a file. I am trying to upload the file to Kibana, but it can't parse the date in the logs and gives me the error messages shown below:
0: java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: unable to parse date [Mar 12 06:26:02]
{"message":"Mar 12 06:26:02 10.0.0.11 49: *Mar 1 23:33:36.139: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down"}
1: java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: unable to parse date [Mar 12 06:26:05]
{"message":"Mar 12 06:26:05 10.0.0.11 50: *Mar 1 23:33:38.756: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up"}
2: java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: unable to parse date [Mar 12 06:26:07]
{"message":"Mar 12 06:26:07 10.0.0.11 51: *Mar 1 23:33:40.786: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up"}
Kibana seems to understand the date format, as shown below:
MMM dd HH:mm:ss.SSS, MMM d HH:mm:ss.SSS
Below is the grok pattern Kibana displays when I upload the file:
%{SYSLOGTIMESTAMP:timestamp} %{IP:ipaddress} %{INT:field}: .*?%{SYSLOGTIMESTAMP:extra_timestamp}: %.
My questions are: is the method I am using, outputting to a file and uploading to Kibana, possible? And how can I change the format of the log file so that Kibana understands the logs?
Thanks in advance, I look forward to the replies.
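A standalone check of the parsing problem described in the post, added here and not part of the original post or of Kibana's code: a Python equivalent of the grok pattern Kibana proposed that parses the outer syslog timestamp without the `.SSS` fraction the detected format expects (the outer field has no milliseconds, which is why `[Mar 12 06:26:02]` fails against `MMM dd HH:mm:ss.SSS`), and supplies the year that syslog timestamps omit. The `year` default, the `clock_unsynced` field and the sample lines (copied from the post) are assumptions of this example.

```python
import re
from datetime import datetime

# Regex mirroring the grok pattern from the post:
# %{SYSLOGTIMESTAMP:timestamp} %{IP:ipaddress} %{INT:field}: .*?%{SYSLOGTIMESTAMP:extra_timestamp}: ...
# The outer timestamp has no fraction; the inner Cisco one may, and may be
# prefixed with '*' (IOS marks a clock that is not authoritative that way).
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})"
    r" (?P<ipaddress>\d{1,3}(?:\.\d{1,3}){3})"
    r" (?P<field>\d+): "
    r"(?P<uncertain>\*?)"
    r"(?P<extra_timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?)"
    r": (?P<message>%\S+: .*)$"
)

def parse_syslog_ts(text, year):
    """Parse 'Mar 12 06:26:02' or 'Mar  1 23:33:36.139'; neither carries a year."""
    text = " ".join(text.split())  # collapse the padding before a one-digit day
    fmt = "%b %d %H:%M:%S.%f" if "." in text else "%b %d %H:%M:%S"
    return datetime.strptime(f"{year} {text}", "%Y " + fmt)

def parse_cisco_line(line, year=2019):
    """Return the grok-style fields with both timestamps as datetimes, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["timestamp"] = parse_syslog_ts(d["timestamp"], year)  # assumed year
    d["extra_timestamp"] = parse_syslog_ts(d["extra_timestamp"], year)
    d["clock_unsynced"] = d.pop("uncertain") == "*"
    return d

# Sample lines copied from the post (constructed input for this example).
SAMPLE_LINES = [
    "Mar 12 06:26:02 10.0.0.11 49: *Mar 1 23:33:36.139: %LINK-3-UPDOWN: "
    "Interface FastEthernet0/2, changed state to down",
    "Mar 12 06:26:05 10.0.0.11 50: Mar 1 23:33:38.756: %LINK-3-UPDOWN: "
    "Interface FastEthernet0/2, changed state to up",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_cisco_line(line))
```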