I'm using Logstash v7.9.2.
I have logs which are day-wise, like
log-2020.10.03,
log-2020.10.04,
log-2020.10.05
It mixed up everything. I want to separate the logs into separate indices (day-wise logs).
But I am seeing logs of 3rd October in the log-2020.10.05 index.
How can I separate them?
Hi,
By default logstash adds the date and time of the ingest operation as @timestamp which is shown as time in your screenshot. To solve this use the time filter to parse your timestamp field into @timestamp.
Best regards
Wolfram
How can I parse this 2020-10-05 11:32:14.4851 type of date format?
The definition is on the same page:
- yyyy - full year
- MM - 2-digit month
- dd - 2-digit day
- HH - two-digit hour
- mm - 2-digit minutes
- ss - 2-digit seconds
- SSS - thousands of a second
so your filter would be:
```
filter {
  date {
    match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS" ]
  }
}
```
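An added example, not part of the original thread: a pipeline sketch that combines the date filter from the answer above with a daily index name, and keeps events whose timestamp failed to parse out of the daily indices. The `stdin` input, the host URL, the `log-dateparsefailure` index name and the commented-out timezone value are assumptions for illustration; `logdate` is the field name used in the answer.

```logstash
input {
  stdin { }   # assumption: stands in for the real input (beats, file, ...)
}

filter {
  # Assumption: an earlier grok/dissect stage has already put the log line's
  # own timestamp into the "logdate" field, as in the answer above.
  date {
    match          => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS" ]
    target         => "@timestamp"             # default target, shown explicitly
    tag_on_failure => [ "_dateparsefailure" ]  # default tag, shown explicitly
    # Timestamps without a zone are read in the Logstash host's local zone.
    # If the logs were written elsewhere, set the zone (example value):
    # timezone => "Europe/Berlin"
  }
}

output {
  if "_dateparsefailure" in [tags] {
    # @timestamp still holds the ingest time here, so these events would be
    # filed under the wrong day. Route them to a separate index for review.
    elasticsearch {
      hosts => [ "http://localhost:9200" ]   # placeholder
      index => "log-dateparsefailure"        # hypothetical index name
    }
  } else {
    # %{+YYYY.MM.dd} is formatted from @timestamp in UTC, which now holds
    # the event time, so each event lands in the index for its own day.
    elasticsearch {
      hosts => [ "http://localhost:9200" ]   # placeholder
      index => "log-%{+YYYY.MM.dd}"
    }
  }
}
```

Because the index date is computed in UTC, events logged close to local midnight can land in the neighbouring day's index.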
It works, thank you so much!