Hi,
I'm trying to create an index pattern for my logs, but I seem to be having some issues with the timestamp format. This is what I'm getting in the Data Visualizer in Kibana:
File could not be read [illegal_argument_exception] Specified timestamp format [yyyy/mm/dd HH:MM:ss.SSS] does not match for record [{column1=2020/09/04 06:17:45.471, column2=__closelog_, column3=11772, column4=14072, column5=CProtocol::DeInit, column6=CRU, column7=-1, column8=Starting destruction of element.}]
The format of my logs is like this:
2020/09/04 06:17:45.471|__closelog_|11772|14072|CProtocol::DeInit|CRU|-1|Starting destruction of element.
2020/09/04 06:17:45.512|__closelog_|11772|14072|CProtocol::DeInit|CRU|-1|** Waiting for extra threads to be stopped
2020/09/04 06:17:45.531|__closelog_|11772|14072|CProtocol::DeInit|CRU|-1|** Waiting for timers to be stopped
2020/09/04 06:17:45.562|__closelog_|11772|14072|CProtocol::DeInit|CRU|-1|** SLManagedScripting Not Cleaned. Null instance
Any suggestion about how to set the indexing pattern properly for this?
I have also tried setting the option as semi-structured data and using this pattern:
%{log_timestamp}|%{proc_name}|%{pid}||%{pid_2}|%{args}|%{log_level}|%{number}|%{message}
Thanks in advance!
Carlos
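
An added example, not part of the original post: a small Python parser for the pipe-delimited lines above that checks a Java-style timestamp pattern against them. In Java date patterns, which Elasticsearch uses, `MM` is month-of-year and `mm` is minute-of-hour, so the pattern from the error message tries to read `17` as a month. The function names are hypothetical; the field names are the ones from the pattern in the post.

```python
import re
from datetime import datetime

# Subset of Java date-pattern letters used in the post, mapped to strptime.
# In Java patterns MM is month-of-year and mm is minute-of-hour.
JAVA_TO_STRPTIME = {"yyyy": "%Y", "MM": "%m", "dd": "%d",
                    "HH": "%H", "mm": "%M", "ss": "%S", "SSS": "%f"}

# Field names taken from the pattern quoted in the post.
FIELDS = ["log_timestamp", "proc_name", "pid", "pid_2",
          "args", "log_level", "number", "message"]

# Sample lines copied from the post.
SAMPLE = """\
2020/09/04 06:17:45.471|__closelog_|11772|14072|CProtocol::DeInit|CRU|-1|Starting destruction of element.
2020/09/04 06:17:45.512|__closelog_|11772|14072|CProtocol::DeInit|CRU|-1|** Waiting for extra threads to be stopped
"""

def parse_timestamp(value, java_pattern):
    """Translate the Java-style pattern to strptime and parse the value."""
    fmt = re.sub("yyyy|MM|dd|HH|mm|ss|SSS",
                 lambda m: JAVA_TO_STRPTIME[m.group()], java_pattern)
    return datetime.strptime(value, fmt)

def parse_line(line, java_pattern="yyyy/MM/dd HH:mm:ss.SSS"):
    """Split one log line into named fields; raises ValueError on mismatch."""
    # Limit the split so a '|' inside the free-text message is preserved.
    parts = line.rstrip("\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    record = dict(zip(FIELDS, parts))
    record["log_timestamp"] = parse_timestamp(record["log_timestamp"], java_pattern)
    for key in ("pid", "pid_2", "number"):
        record[key] = int(record[key])
    return record

def pattern_matches(line, java_pattern):
    """True if the line parses with the given timestamp pattern."""
    try:
        parse_line(line, java_pattern)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_line(line))
```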