Hi all, I'm a new user in ELK and logstash, and I'm trying to extract the following log with grok but without success for now.
This is my log:
08-14 10:22:50.863 1419 1419 D GpsNetInitiatedHandler: location enabled :false
and I wish to extract this like that:
Thank you!
I would use dissect for that
dissect { mapping => { "message" => "%{[@metadata][timestamp]} %{+[@metadata][timestamp]} %{} %{} %{loglevel} %{msg}" } }
date { match => [ "[@metadata][timestamp]", "MM-dd HH:mm:ss.SSS" ] }
Since your timestamp does not contain a year logstash will guess which year it should use and you will almost certainly dislike the results sometimes.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.