I am trying to replace time field in my log time :
here is my config file: I am new to elastic search , tried couple of things but failed.
nput {
file{
path=>"C:\logs\testing1.csv"
start_position=>"beginning"
}
}
filter{
csv{
separator=>","
columns=>["Message","Thread","Time","Topic","Level","Interaction ID"]
}
date {
match =>{ "Time"=>[ "dd/MMM/yyyy:HH:mm:ss Z"]}
target=>"@timestamp"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index=>"itest1"
document_type=>"itest1_log"
}
stdout{}
}
Hi Magnus,
Here is the input in my csv file:
Message Thread Time Topic Level Interaction ID
InteractionStartEvent 4580 7/25/2017 2:39:51 AM -- -- --
Time is in 7/25/2017 2:39:51 AM
This is how am writing my config file-
input {
file{
path=>"C:\logs\testing3.csv"
start_position=>"beginning"
}
}
filter{
csv{
separator=>","
columns=>["Message","Thread","Time","Topic","Level","Interaction ID"]
}
date {
match =>["Time","YYYY-MMM-dd:HH:mm:ss Z"]
target=>"@timestamp"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index=>"itest4"
document_type=>"itest4_log"
}
stdout{ codec => rubydebug}
}
If your CSV file doesn't use commas to separate the columns then separator=>"," is the wrong configuration to use.
Also, you only addressed the request in the first bullet. Please always answer all questions that you're asked.
Its wasnt the problem of csv file. I didnt had date in my timestamp and UTC which I parsed
It working now