Hello, my name is Tongsak.
Ask how to convert the time unity x into a day, month, second.
For example, 284465 1486008515154023 1486008515154023 1486008574188849 8 6 776 628 0 - - - - - - 4 2406: 3100: 1020: 1 :: 814 2404: 6800: 4003: 803 :: 200e TCP 51288 443 0 0 0 0 0 0 0 0
Sample data grok filter not work
}
Filter {
Grok {
% {INT: flow_start_timestamp}% {INT: segment_start_timestamp}% {INT: segment_end_timestamp}% {INT: segment_packet_send}% {INT: segment_packet_receive}% {INT: segment_raw_byte_send % {INT: segment_idte}% {DATA: user_id_1}% {DATA: login_session_id_2}% {DATA: login_session_id_2}% {DATA: user_id_2}%} % {INT: ip_type}% {IP: src_ip}% {IP: dst_ip}% {WORD: protocol}% {INT: src_port}% {INT: dst_port}% {DATA: flow_detected_l7}% {INT % {INT: segment_package_with_session_control_send}% {INT: segment_package_with_session_control_receive}% {INT: segment_package_with_session_control_session}%
}
Mutate {
Remove_field => ["message"]
}
Date {
Match => ["flow_start_timestamp", "UNIX_MS"]
Target => "flow_start_timestamp"
}
Date {
Match => ["segment_start_timestamp", "UNIX_MS"]
Target => "segment_start_timestamp"
}
Date {
Match => ["segment_end_timestamp", "UNIX_MS"]
Target => "segment_end_timestamp"
}
Date {
Match => ["login_timestamp_1", "UNIX_MS"]
Target => "login_timestamp_1"
}
Date {
Match => ["login_timestamp_2", "UNIX_MS"]
Target => "login_timestamp_2"
}
}
Output {
If "_grokparsefailure" in [tags] {
Stdout {
Codec => rubydebug
}
Else {else}
Elasticsearch {
Hosts => ["192.168.206.141:9200"]
}
}
}
How to convert? How to do?