I have log lines like this:
01-11-2015;17:41:01;641
# Grok stage: pulls the date, the time and the trailing number out of a line
# such as "01-11-2015;17:41:01;641".
filter {
grok {
# NOTE(review): break_on_match is a boolean option but is given here as the
# string "false"; confirm it is read as intended. It only matters when several
# patterns are listed.
break_on_match => "false"
# DATE_EU and TIME are both captured under the same field name "Date", so the
# event ends up with "Date" as a two-element array (date, then time) instead of
# one string; the sample event on this page shows exactly that.
# The pattern is not anchored and is wrapped in %{DATA} on both sides, so it can
# match anywhere inside the line.
match => { "message" => '%{DATA}%{DATE_EU:Date};%{TIME:Date};%{NUMBER:Nombre}%{DATA}'}
}
}
But my date and time end up as strings.
I want a real date, so I use:
# Date stage: parses the "Date" field; when parsing succeeds the date filter
# writes the result to @timestamp by default.
date {
# NOTE(review): the format below separates its parts with spaces, while the
# sample values are "14-12-2016" (dashes) and "11:20:01", held as two separate
# elements of the "Date" array. The sample event on this page carries the
# _dateparsefailure tag, and its @timestamp (2016-12-15T12:41:27) is the time of
# ingestion, not the time written in the log line (14-12-2016 11:20:01).
# Until this parses, any timeline built on @timestamp reflects when the line was
# read, not when the event happened; the _dateparsefailure tag is worth
# monitoring for that reason.
match => [ "Date", "dd MM YYYY HH:mm:ss" ]
}
But this is the result I get:
{
"_index": "logstash-2016.12.15",
"_type": "Vmware",
"_id": "AVkCgGy96I_tcz_3yhMg",
"_score": null,
"_source": {
"Nombre": 751,
"path": "/var/log/StatVM/test10.log",
"@timestamp": "2016-12-15T12:41:27.524Z",
"@version": "1",
"host": "localhost.localdomain",
"message": "14-12-2016;11:20:01;751",
"type": "Vmware",
"Date": [
"14-12-2016",
"11:20:01"
],
"tags": [
"_dateparsefailure",
"_grokparsefailure"
]
},
"fields": {
"@timestamp": [
1481805687524
]
},
"sort": [
1481805687524
]
}
},
"fields": {
"@timestamp": [
1481804404819
]
},
"sort": [
1481804404819
]
}