I've just started using logstash and I'm working on trying to parse a log and push it into solr using the solr_http plugin.
I successfully used a grok filter to pull the severity out as a separate field, but I can't seem to get the date to parse.
My expectation would be the date would be added to a field called mydate similar to severity.
Sample file record:
localhost-startStop-1 2019-06-08 05:08:21,497 DEBUG lking.spi.MetamodelGraphWalker Visiting attribute path : tableRating
Here is my config:
#Try to push data into solr
input {
file {
path => "//serverpath/hibernate.log"
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "%{LOGLEVEL:severity}"}
}
date {
match => [ "mydate", "yyyy-MM-dd HH:mm:ss,SSS" ]
target => "mydate"
}
}
output {
solr_http {
solr_url => "http://localhost:8080/solr/logStuff"
}
}
The result of this is that data gets pushed into solr, there is a separate field for 'severity'. But nothing for mydate. I have the log level turned on to TRACE and nothing seems to come out on concerning the mydate field