Hi all, I'm a new user in ELK and logstash, and I'm trying to extract the following log with grok but without success for now.
This is my log:
08-14 10:22:50.863 1419 1419 D GpsNetInitiatedHandler: location enabled :false
and I wish to extract this like that:
Thank you!
I would use dissect for that
dissect { mapping => { "message" => "%{[@metadata][timestamp]} %{+[@metadata][timestamp]} %{} %{} %{loglevel} %{msg}" } }
date { match => [ "[@metadata][timestamp]", "MM-dd HH:mm:ss.SSS" ] }
Since your timestamp does not contain a year logstash will guess which year it should use and you will almost certainly dislike the results sometimes.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.