calebereis
October 7, 2018, 6:47pm
1
Hi, I'm Calebe and I'm trying to replace the timestamp with the timestamp from the log file.
I tried so many things and nothing works.
I have this kind of timestamp in my log file:
The problem is that I don't know the correct configure for grok filter.
I'm using this:
filter {
grok {
It's not working. I think that's because grok is configured wrong, but I can't find the right way.
Could anyone please help me?
calebereis
October 7, 2018, 6:55pm
2
I tride this different way and didn't work either.
filter {
grok {
date {
Tek_Chand
October 8, 2018, 8:10am
3
@calebereis ,
The SYSLOGBASE will add another filed and you can use that filed to check the date and time when that log was generated at source machine.
Try the below config:
filter {
grok {
match => { "message" => ["SYSLOGBASE"] }
}
}
It will add a filed with name SYSLOGTIMESTAMP on kibana. You can refer that filed.
Thanks.
calebereis
October 8, 2018, 1:14pm
4
Hi Tek,
I tried doing that, but I got _grokparsefailure.
Should I add the date filter refering to this new field?
Tek_Chand
October 9, 2018, 3:24am
5
@Calebereis , Can you please provide the output or error log?
Thanks.
calebereis
October 9, 2018, 11:09am
6
After so many tries, I found something that works.
filter {
grok {
match => { "message" => "^%{MONTH:mes}\s*%{MONTHDAY:dia}\s*%{TIME:hora}\s*%{YEAR:ano}:\s.*%{IP:ip}" }
}
mutate {
add_field => {
"timedate" => "%{mes} %{dia} %{hora} %{ano}"
}
}
}
And now I can receive my txt file and read it in the right time.
Thank you anyway, Tek.
Hope it helps someone else.
1 Like
Tek_Chand
October 9, 2018, 11:12am
7
@calebereis , Glad to hear that.
system
November 6, 2018, 11:20am
8
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
