I am following this thread: http://stackoverflow.com/questions/29384754/syslog-timestamp-without-year
My requirement is:
If a syslog message comes with a year in its timestamp, I should match it in the date filter, take that year as the time and put it in Elasticsearch. If there is no year in the syslog timestamp, then I need to have some default year / some default value which I will know in the future. How can I do that?
My date filter is:
    date {
      target => "@timestamp"
      match => [ "syslog_timestamp",
                 "MMM d HH:mm:ss YYYY",
                 "MMM dd HH:mm:ss YYYY" ]
      timezone => "UTC"
    }
Here, if syslog_timestamp does not contain a year, then this fails.
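One way to handle both cases in the Logstash filter pipeline, added here as an example that is not part of the question or of Logstash's own documentation: append a default year only when the timestamp has none, and mark those events so the resulting @timestamp is not mistaken for a real one during investigation. The year 1970 and the field name syslog_year_defaulted are assumed placeholders for whatever value and name the poster settles on.

```logstash
filter {
  # Constructed example: a syslog timestamp that ends in four digits
  # already carries a year, so only events without one are touched.
  if [syslog_timestamp] !~ /\d{4}$/ {
    mutate {
      # Placeholder default year (assumption); replace with the real value
      # once it is known. %{...} sprintf keeps the original text intact.
      replace   => { "syslog_timestamp" => "%{syslog_timestamp} 1970" }
      # Flag the event so analysts can tell a guessed year from a parsed one.
      add_field => { "syslog_year_defaulted" => "true" }
    }
  }
  # Every timestamp now has a trailing year, so the original patterns match.
  # "MMM  d" (two spaces) covers syslog's space-padded single-digit days.
  date {
    target   => "@timestamp"
    match    => [ "syslog_timestamp",
                  "MMM  d HH:mm:ss YYYY",
                  "MMM d HH:mm:ss YYYY",
                  "MMM dd HH:mm:ss YYYY" ]
    timezone => "UTC"
  }
}
```

Events with syslog_year_defaulted set can then be filtered out or corrected in Elasticsearch once the true year is known.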