Log file without Year

chic_cat · March 28, 2017, 2:20am

Hi guys, I have logs in format:
Mar 23 11:54:35 server [Controller] [Thread-530] ERROR Connection error

I tried to use next filter, but it doesn't work,

filter {
if [type] == "data" {

grok {
  match => {
    "message" => [
      "^%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA}$"
    ]
  }
}

date {
  match => [ "timestamp", "MMM dd HH:mm:ss"  ]
}

}
}

Any one had similar issues?

Thanks

magnusbaeck · March 28, 2017, 5:32am

The TIMESTAMP_ISO8601 pattern is for ISO8601 dates but your date is in another format. Since your log appears to be from syslog, why not use a syslog pattern?

https://www.elastic.co/guide/en/logstash/current/config-examples.html#_processing_syslog_messages

system · April 28, 2017, 4:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash grok filter Logstash	3	474	March 23, 2017
Syslog date without year Logstash	11	18348	July 6, 2017
Converting date to ISO8601 Logstash	11	13902	July 6, 2017
Logstash/ES date format issue Logstash	7	2374	July 6, 2017
_dateparsefailure again Logstash	3	1148	June 27, 2017

Log file without Year

Related topics