Can Filebeat parse the timestamp from the log line and use it as the timestamp of the event?

Hi,

I am using Filebeat with Graylog, and I want to parse the timestamp from the log line and use it as the timestamp field using Filebeat. How can I grok the log timestamp without Logstash?

Log sample: Thu Dec 20 12:36:56 +0000 2018 @Check out our latest newsletter for #DevSecOps events, blogs, videos and much more. If you like what you see - hit https://t.co/Hk7rp2vz74

You can use an Elasticsearch ingest node pipeline to parse this. This can be used instead of Logstash for a wide variety of processing.
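An added example, not part of the original reply: a request body for the Elasticsearch `PUT _ingest/pipeline/<name>` API that extracts the leading timestamp from the sample line above and writes it to `@timestamp`. It assumes the raw line is in Filebeat's default `message` field; `TWEET_TS`, `log_timestamp` and `tweet_text` are hypothetical names chosen for this example.

```json
{
  "description": "Added example: parse 'Thu Dec 20 12:36:56 +0000 2018' from message into @timestamp. TWEET_TS, log_timestamp and tweet_text are assumed names.",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": ["^%{TWEET_TS:log_timestamp} %{GREEDYDATA:tweet_text}$"],
        "pattern_definitions": {
          "TWEET_TS": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{ISO8601_TIMEZONE} %{YEAR}"
        }
      }
    },
    {
      "date": {
        "field": "log_timestamp",
        "formats": ["EEE MMM dd HH:mm:ss Z yyyy"],
        "target_field": "@timestamp"
      }
    },
    {
      "remove": {
        "field": "log_timestamp"
      }
    }
  ],
  "on_failure": [
    {
      "set": {
        "field": "error.message",
        "value": "timestamp parse failed: {{ _ingest.on_failure_message }}"
      }
    }
  ]
}
```

Filebeat applies such a pipeline only when it ships directly to Elasticsearch, through the `pipeline` setting under `output.elasticsearch`. With the `on_failure` handler, a line that does not match is still indexed with its ingest-time `@timestamp` and an `error.message` field instead of being rejected.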

I am using Graylog as the Filebeat output. Can I use an ES ingest node pipeline in this case?

Filebeat conf:

```yaml
#================================ Outputs =====================================

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]

#----------------------------- Logstash output --------------------------------
output.logstash:
  hosts: ["graylog:5044"]
```

I do not know if Graylog allows you to specify a pipeline, so you probably need to ask them. You could also do it through Logstash.

OK, thanks for the support.
