解析 logstash 中的特定日期
Parsing a specific date within logstash
我正在尝试在 logstash 中解析以下日期
2019-08-01T00:00:00Z/2019-08-02T00:00:00Z
我尝试了很多东西,但没有任何效果
选项 1
date{
match => ["timestamp","ISO8601/ISO8601"]
target => "timestamp"
}
选项 2
date{
match => ["timestamp","ISO8601"]
target => "timestamp"
}
选项 3 - 管道工作但我得到 dateparsefailure
date{
match => ["timestamp","ISO8601"/"ISO8601"]
target => "timestamp"
}
如何使用 grok 模式将日期收集到单独的字段中,然后使用 mutate
加入它们?
filter {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:date_1}/%{TIMESTAMP_ISO8601:date_2}" ]
tag_on_failure => [ "_failure", "_grokparsefailure" ]
}
if "_failure" not in [tags] {
mutate {
add_field => { "timestamp" => "%{date_1}/%{date_2}"}
}
}
}
我正在尝试在 logstash 中解析以下日期 2019-08-01T00:00:00Z/2019-08-02T00:00:00Z
我尝试了很多东西,但没有任何效果
选项 1
date{
match => ["timestamp","ISO8601/ISO8601"]
target => "timestamp"
}
选项 2
date{
match => ["timestamp","ISO8601"]
target => "timestamp"
}
选项 3 - 管道工作但我得到 dateparsefailure
date{
match => ["timestamp","ISO8601"/"ISO8601"]
target => "timestamp"
}
如何使用 grok 模式将日期收集到单独的字段中,然后使用 mutate
filter {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:date_1}/%{TIMESTAMP_ISO8601:date_2}" ]
tag_on_failure => [ "_failure", "_grokparsefailure" ]
}
if "_failure" not in [tags] {
mutate {
add_field => { "timestamp" => "%{date_1}/%{date_2}"}
}
}
}