I need to parse a cloud-init logfile:
122.81 - Tue, 05 Jun 2018 11:53:21 +0000 - v. 0.7.9
Here's the grok pattern I wrote:
%{NUMBER:time} - %{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE} - v. %{NUMBER:version}
This pattern works. However, how can I capture the timestamp as a whole? Is there a way to nest grok patterns inline, apart from defining them in a separate pattern file and use the patterns_dir option?
Use dissect in place of grok.
dissect { mapping => { "message" => "%{time} - %{ts} %{+ts} %{+ts} %{+ts} %{+ts} %{+ts} - v. %{version}" } }
date { match => [ "ts", "EEE, dd MMM yyyy HH:mm:ss Z" ] }This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.