Hi,
I'm consuming yum.log with filebeat, this is great but I want to be able to manipulate the data as it comes in to allow me to filter better and visulise the data.
At the moment a message looks like this
"message": "Apr 19 15:13:42 Updated: ec2-utils-0.7-43.5.amzn1.noarch",
I would liek to be able to pull out the date (as a timestamp), whether it was Updated/Installed and the package name.
Is this possible?
Thanks
Ok, im new to grok patterns.
%{YUMTIMESTAMP:timestamp} %{NOTSPACE:state} %{NOTSPACE:package}
YUMTIMESTAMP being a customer pattern YUMTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
gave me the result I was looking for:
{
"package": "ec2-utils-0.7-43.5.amzn1.noarch",
"state": "Updated:",
"timestamp": "Apr 19 15:13:42"
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.