Hi,
Am using filebeat on graylog and i want to parse the timestamp from the log line and use it as the timestamp field using filebeat ,how can i grok the log timestamp without logstash
log sample Thu Dec 20 12:36:56 +0000 2018 @Check out our latest newsletter for #DevSecOps events, blogs, videos and much more. If you like what you see - hit https://t.co/Hk7rp2vz74
You can use an Elasticsearch ingest node pipeline to parse this. This can be used instead of Logstash for a wide variety of processing.
I am using graylog as filebeat output . can I use es ingest node pipeline on this case?
filebeat conf :-
================================ Outputs =====================================
-------------------------- Elasticsearch output ------------------------------
.#output.elasticsearch:
.# Array of hosts to connect to.
.# hosts: ["localhost:9200"]
----------------------------- Logstash output --------------------------------
output.logstash:
hosts: ["graylog:5044"]
I do not know if Graylog allows you to specify pipeline, so you probably need to ask them. You could also do it through Logstash.
ok thanks for the support
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.