Parsing custom date with Filebeat (or Logstash)

zebu14 · October 25, 2019, 8:06am

Hello,

I have some logs that I want to sent into an Elastic index.

Log lines examples :

"1","O","I","190312 135108","E","165","1024000","FTP","GREENTRF","TST02","/home/gateway/","test054","TSTTST01","GREENTRF","TST02"
"1","O","I","190312 135108","E","165","1024000","FTP","GREENTRF","TST02","/home/gateway/","test055","TSTTST01","GREENTRF","TST02"
"1","O","I","190312 135108","E","165","1024000","FTP","GREENTRF","TST02","/home/gateway/","test056","TSTTST01","GREENTRF","TST02"
"1","O","I","190312 135108","E","0","1024000","FTP","GREENTRF","TST02","/home/gateway/","test057","TSTTST01","GREENTRF","TST02"
"1","O","I","190312 135108","E","0","1024000","FTP","GREENTRF","TST02","/home/gateway/","test058","TSTTST01","GREENTRF","TST02"
"1","O","I","190312 135108","E","0","1024000","FTP","GREENTRF","TST02","/home/gateway/","test059","TSTTST01","GREENTRF","TST02"

The date is in the 3rd field : "190312 135108"
==> 12 March 2019 13:51:08

The goal is to use this field as timestamp in the target index.

How can this be done with filebeat ?
Is it even possible ?

If not, I would use Logstash with the "date" filter.

Thank you

pmercado · October 25, 2019, 1:48pm

Probably this might help
https://www.elastic.co/guide/en/elasticsearch/reference/master/date-processor.html

zebu14 · October 25, 2019, 1:51pm

Hello,

Thanks for this link, but already read and it doesn't help because it doesn't seem to support "custom" formats.

system · November 22, 2019, 2:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.