Hello,
Setting up my first Elastic, and ran to an issue with logstash output to file.
I am trying to get output both on elastic and to file, and both are working otherwise fine; however, I dont get any timestamp on the output file for the log events. The log source is windows server. What should be the correct codec to get timestamps for the output file aswell ? Timestamps are ok when looking from Kibana.
Thanks in advance.
What output are you getting? And what does the configuration look like?
Configuration:
input {
beats {
port => 5044
type => "log"
}
}
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
file {
codec => line {
format => "{[%Date%]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
}
path => "E:\ELK\Logs\Output%{host}/%{facility}-%{+yyyy-MM-dd}.log"
}
}
Log Example:
{[%Date%]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Impersonation Level: Impersonation
New Logon:
So the event is fine, but the format is not working exactly as intended.
{[%Date%]}
Are you sure this shouldn't be %{[Date]}?
So the event is fine, but the format is not working exactly as intended.
Since you're not telling us what you get right now and what you expect to get you're making it hard to help.
Hello,
Sorry bad articulation on my side.
Tried to change the date to %{[Date]} , but that didn't solve the issue.
So what I am looking for is timestamp inside the output files events. Currently there is no timestamp at all on any event, which i am trying solve now. The event details and other are fine, just missing the time, when the events have occured.
This is the third time I'm asking for details. I will not ask a fourth time. Show us:
stdout { codec => rubydebug } output to dump the raw event.This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.