Hello all,
Seems the issue is simple, but I have been struggling for a long time.
I want to view my source log timestamp in the Kibana dashboard instead of the Kibana processed time.
I want to visualize using the log timestamp and the count of a result code (a numerical value that varies from 0 to 12) from my log file.
Below are the current files I am using:
Log content from the source log file, for the date/time format:
2020-02-10 12:21:52.4835|ERROR|d__9.MoveNext|A task was canceled., jsonInput: {"ResourceID":288,"RequestID":"6371693410848345290038190","Data":null,"Result":0}, apiURL: http://sm2cf1.on.bell.ca:8087/IID_IVRScheduler_WS/rest/Dialer/Hangup
Below is the logstash.conf I am currently using:
input {
  beats {
    port => 5044
  }
}
filter {
  grok {
    patterns_dir => ["../pattern"]
    match => { "message" => "%{LongDate:longdate}|%{EventType:eventtype}|%{CallSite:callsite}|%{Message:message}, Result: %{ResultCode:resultcode}" }
    match => { "message" => "%{LongDate:longdate}|%{EventType:eventtype}|%{CallSite:callsite}|%{Message:message} ==> Result: %{ResultCode:resultcode}" }
    match => { "message" => "%{LongDate:longdate}|%{EventType:eventtype}|%{CallSite:callsite}|%{Message:message}" }
    match => { "message" => "%{LongDate:longdate}|%{EventType:eventtype}|%{CallSite:callsite}|%{Message:message}.," }
  }
  date {
    match => ["longdate", "ISO8601"]
    target => "@timestamp"
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
Pattern:
LongDate \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{4}
EventType ERROR|FATAL|INFO|TRACE
CallSite %{GREEDYDATA}
Message %{GREEDYDATA}
ResultCode %{GREEDYDATA}
Please advise.
Thank you
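
An added example, not part of the original post: a Python sketch that parses lines in the layout shown above, takes the event time from the log line itself, reads the `Result` value out of the `jsonInput` object, and counts result codes per minute. Python's `re` stands in for grok here (grok patterns are regular expressions, where a bare `|` is alternation rather than a literal separator); the function names, the `host.invalid` URL and the sample lines are constructed for illustration.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the post's layout (host and request IDs are made up).
SAMPLE = [
    '2020-02-10 12:21:52.4835|ERROR|d__9.MoveNext|A task was canceled., jsonInput: '
    '{"ResourceID":288,"RequestID":"1","Data":null,"Result":0}, apiURL: http://host.invalid/Hangup',
    '2020-02-10 12:21:58.0012|ERROR|d__9.MoveNext|A task was canceled., jsonInput: '
    '{"ResourceID":289,"RequestID":"2","Data":null,"Result":0}, apiURL: http://host.invalid/Hangup',
    '2020-02-10 12:22:03.9100|INFO|Dialer.Start|Dialer started',
    '2020-02-10 12:22:07.2500|ERROR|d__9.MoveNext|Timeout, jsonInput: '
    '{"ResourceID":288,"RequestID":"3","Data":null,"Result":5}, apiURL: http://host.invalid/Hangup',
]
DATE = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
LEVEL = r"ERROR|FATAL|INFO|TRACE"
# Pipes escaped: each \| is a literal field separator.
LINE_RE = re.compile(rf"^(?P<longdate>{DATE})\|(?P<eventtype>{LEVEL})\|(?P<callsite>[^|]*)\|(?P<message>.*)$")
# Same layout with bare pipes: three alternatives, so the first one alone satisfies the match.
BARE_RE = re.compile(rf"(?P<longdate>{DATE})|(?P<eventtype>{LEVEL})|(?P<callsite>.*)")

def bare_pipe_fields(line):
    return BARE_RE.match(line).groupdict()

def parse_line(line):
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    # %f accepts 1 to 6 fractional digits, so the 4-digit fraction parses as-is.
    event["timestamp"] = datetime.strptime(event["longdate"], "%Y-%m-%d %H:%M:%S.%f")
    event["resultcode"] = None
    marker = "jsonInput: "
    pos = event["message"].find(marker)
    if pos != -1:
        try:  # decode only the JSON object; the trailing ", apiURL: ..." is ignored
            obj, _ = json.JSONDecoder().raw_decode(event["message"], pos + len(marker))
            if isinstance(obj, dict):
                event["resultcode"] = obj.get("Result")
        except ValueError:
            pass
    return event

def count_results_per_minute(lines):
    counts = Counter()
    for event in filter(None, map(parse_line, lines)):
        if event["resultcode"] is not None:
            counts[(event["timestamp"].strftime("%Y-%m-%d %H:%M"), event["resultcode"])] += 1
    return counts
```

`bare_pipe_fields` shows that with unescaped pipes only `longdate` is captured and the other fields stay empty, while `parse_line` fills every field and keeps the timestamp written in the log.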