I am using logs from syslog, and syslog timestamp format doest not have year, and the timestamp format is
May 3 09:10:10
how to add the year and convert the format to
YYYY-MM-DD hh:mm:ss
for the example ,it's will be looks like
2016-05-03 09:00:10
Any help is welcome to resolve this.
You need to use the date filter - https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
A match pattern like MMM dd HH:mm:ss would work, then when you integrate that into the filter it'll add the date and make it ISO8601 format.
i tried to add the date filter
date {
locale => "en"
match => ["received_at",
"MMM d HH:mm:ss YYYY",
"MMM dd HH:mm:ss YYYY","ISO8601"
]
add_field => ["time" , "%{YYYY-MM-dd HH:mm:ss}" ---> how to get the receive_at and convert the format ?
}And what was the outcome?
with my date filter
date {
locale => "en"
match => ["timestamp",
"MMM d HH:mm:ss.SSS YYYY",
"MMM dd HH:mm:ss.SSS YYYY",
"ISO8601"]
}
it's didn't get any error
but the timestamp didn't convert the format
from
May 4 11:49:19.701 2016
to
2016-05-04 11:43:19.701The date filter by default populates the @timestamp field with the parsed date, and does not update the field that was parsed. You can change this by specifying a target field.
it's work when change the target field,
but i just want to change the month format from Jan,Feb,Mar... to 01,02,03...
Could you please just provide the final configuration which you used to solve this issue.
Since I am facing the same problem and I am not able to solve this
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.