Logstash logs isn't like according to its date when see in kibana?

Bhavin_Varsur · October 5, 2020, 5:13am

i'm using logstash v7.9.2.
i have logs which are day wise like
log-2020.10.03,
log-2020.10.04,
log-2020.10.05
it mixed up everything .i want to separate logs in separate index (daywise log).
but i seeing logs of 3rd October in log-2020.10.05 index.
How can I separate them ?

Wolfram_Haussig · October 5, 2020, 5:52am

Hi,

By default logstash adds the date and time of the ingest operation as @timestamp which is shown as time in your screenshot. To solve this use the time filter to parse your timestamp field into @timestamp.

Best regards
Wolfram

Bhavin_Varsur · October 5, 2020, 6:06am

How can I parse this 2020-10-05 11:32:14.4851 type of date format

Wolfram_Haussig · October 5, 2020, 6:16am

The definition is on the same page:

yyyy - full year
MM - 2-digit month
dd - 2-digit day
HH - two-digit hour
mm - 2-digit minutes
ss - 2-digit seconds
SSS - thousands of a second

so your filter would be:

filter {
      date {
        match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS" ]
      }
    }

Bhavin_Varsur · October 5, 2020, 6:22am

It works ,Thank you so much !

system · November 2, 2020, 6:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date filter for logstash Logstash	5	450	March 19, 2018
Parse logfile date into Kibana's timestamp Logstash	18	4416	May 10, 2017
No default Year/month/day for only HH:mm:ss,SSS logs Logstash	5	599	February 7, 2020
Logstash Timestamp date field filter not parsing properly Logstash	11	2384	July 26, 2017
How To Separate Time From Logs, Logstash Parsing Logs Logstash	1	274	October 15, 2019

Logstash logs isn't like according to its date when see in kibana?

Related topics