Then you need to parse out the timestamp into a separate field and use a date filter. See this introductory guide for more information.
I want Start Time for 10E5F59F-A18D-4840-8E47-7A96F1417398 : As a message
and Wed, 27 Nov 2019 5.58.29.894 as timestamp
Publishing topic For D50CA1C2-CAF4-4822-9AF7-BF28065F15E5 Signal0 with value -0.287098 : Wed, 27 Nov 2019 6.15.44.108
Publishing topic For D50CA1C2-CAF4-4822-9AF7-BF28065F15E5 Signal0 with value -0.287098(Message)
Timestamp- Wed, 27 Nov 2019 6.15.44.108
how i will do seperation based on :
i tried filter {
dissect {
mapping => {
"message" => "%{msg}: %{timestamp}"
}
remove_field => [“message”]
}
}
got error -An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: The following config files contains non-ascii characters but are not UTF-8 encoded ["D:/Logging/logstash-7.4.2/bin/logfile.conf"]", :backtrace=>["D:/Logging/logstash-7.4.2/logstash-core/lib/logstash/agent.rb:156:in converge_state_and_update'", "D:/Logging/logstash-7.4.2/logstash-core/lib/logstash/agent.rb:97:in
execute'", "D:/Logging/logstash-7.4.2/logstash-core/lib/logstash/runner.rb:368:in block in execute'", "D:/Logging/logstash-7.4.2/vendor/bundle/jruby/2.5.0/gems/stud-0.0.23/lib/stud/task.rb:24:in
block in initialize'"]}
i m using 7.4.2 version
You can use grok or a dissect filter as described in the blog I linked to.
Wed 27 Nov 2019 10:46:58:589 : Published message For 3024AEA2-D317-4CBD-BFBC-1ED982E33D43 For Topic Signal0 0.432248
filter {
dissect {
mapping => { "message" => "%{ts} %{+ts} %{+ts} %{+ts} %{+ts} : %{msg}" }
}
}
it is working for me, i want to change data type for ts. coz i want to sort value based on ts.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.