Hi!
I have a problem with timestamp in logstash. Timestamp in logs set to 01.01.2018, I don't know why.
Here is my config:
input {
beats {
port => "5044"
}
}
filter {
grok {
match => ["message", "%{TIME:eventtime}\t%{WORD:process_id}\t%{WORD:currency}: GPU0 %{NUMBER:GPU0Speed:float} Mh/s"]
match => ["message", "%{TIME:eventtime}\t%{WORD:process_id}\tGPU0 t=%{NUMBER:GPU0Temp:float}C fan=%{NUMBER:GPU0Fan:int}%"]
}
date {
match => [ "eventtime", "HH:mm:ss:SSS" ]
}
if "_grokparsefailure" in [tags] {
drop {}
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
index => "gputest"
hosts => "myhost"
user => "elastic"
password => "pass"
}
}
May be it happends because filebeat are on windows machine? I test the same on linux - it works fine. Also when I get data form windows filebeat, my eventtime didn't convert to time
Here is my output
{
"offset" => 1003414,
"@version" => "1",
"GPU0Temp" => 56.0,
"GPU3Fan" => 81,
"prospector" => {
"type" => "log"
},
"beat" => {
"name" => "DESKTOP-GPU9JEO",
"hostname" => "DESKTOP-GPU9JEO",
"version" => "6.1.2"
},
"GPU0Fan" => 81,
"message" => "17:57:59:863\tfd0\tGPU0 t=56C fan=81%, GPU1 t=63C fan=80%, GPU2 t=52C fan=79%, GPU3 t=51C fan=81%",
"GPU1Temp" => 63.0,
"GPU2Fan" => 79,
"host" => "DESKTOP-GPU9JEO",
"GPU1Fan" => 80,
"eventtime" => "17:57:59:863",
"tags" => [
[0] "beats_input_codec_plain_applied"
],
"process_id" => "fd0",
"@timestamp" => 2018-01-01T17:57:59.863Z,
"source" => "c:\Buron\miners\claymore10.1\1516610841_log.txt",
"GPU2Temp" => 52.0,
"GPU3Temp" => 51.0
}