Hi, all
I'm using fluentd to send logs to elasticsearch, but I'm stuck on the time format issue below:
This is the sample log:
[2017-05-16 01:28:05.980425] I [socket.c:4120:socket_init] 0-tcp.devops-jenkins-server: SSL support on the I/O path is ENABLED
And here's the config in td-agent:
<source>
type tail
path /var/log/glusterfs/bricks/*.log
pos_file fluentd-glusterfs.pos
format /^\[(?<time>[^\]]*)\] (?<log_level>[^ ]*) (?<message>[^ ].*)$/
keep_time_key true
time_key time
time_format %Y-%m-%d %H:%M:%S
tag glusterfs.*
read_from_head true
</source>
I got the error messages below:
2017-05-16 10:08:57 +0800 [error]: Could not push log to Elasticsearch: {"took"=>13, "errors"=>true, "items"=>[{"index"=>{"_index"=>"devops-2017.05.15", "_type"=>"fluentd", "_id"=>"AVwPA_mKVVrEuXsVfdeC", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [time]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: \"[2017-05-16 01:28:05.980425\" is malformed at \" 01:28:05.980425\""}}}}
The elasticsearch indexes are using dynamic mapping.
How can I fix this? Thanks for the help!
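
An added example, not part of the original post: it runs the post's `format` regex over the sample line to show the string captured as `time`, then rewrites it as ISO 8601 with microseconds so the space the Elasticsearch error points at is gone. The helper names are hypothetical, and the code assumes the log timestamps are UTC.

```ruby
require 'time'

# Regex copied from the `format` line of the td-agent config in the post.
FORMAT = /^\[(?<time>[^\]]*)\] (?<log_level>[^ ]*) (?<message>[^ ].*)$/

# Sample log line copied from the post.
SAMPLE = '[2017-05-16 01:28:05.980425] I [socket.c:4120:socket_init] ' \
         '0-tcp.devops-jenkins-server: SSL support on the I/O path is ENABLED'

# Hypothetical helper: apply the regex and return the named captures,
# or nil when the line does not match (e.g. a continuation line).
def parse_line(line)
  m = FORMAT.match(line.chomp)
  m && m.names.zip(m.captures).to_h
end

# Hypothetical helper: turn the captured timestamp into ISO 8601 with
# microseconds. Assumption: the log timestamps are UTC; pass another
# offset such as '+0800' if they are local time.
def to_iso8601(raw, offset = '+0000')
  t = Time.strptime("#{raw} #{offset}", '%Y-%m-%d %H:%M:%S.%N %z')
  t.utc.iso8601(6)
end

# Hypothetical helper: build the record with `time` rewritten, leaving the
# other captured fields untouched. Returns nil for lines that do not match
# or whose timestamp cannot be parsed, so bad values are never indexed.
def normalize(line)
  rec = parse_line(line)
  return nil unless rec
  rec.merge('time' => to_iso8601(rec['time']))
rescue ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  p parse_line(SAMPLE)['time']
  p normalize(SAMPLE)
end
```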