Logstash configuration file
input {
  stdin {}
}
filter {
  json {
    source => "message"
  }
  grok {
    match => ["log_time", "%{HTTPDATE:logdate}"]
  }
  date {
    match => ["logdate", "DD/MMM/yyy:HH:mm:SS Z"]
    target => "@timestamp"
  }
}
output {
  stdout {
    codec => rubydebug {}
  }
}
I'm having a problem with time handling here; could an expert help me solve it?
Input JSON: {"log_time": "12/Oct/2017:11:02:03 +0800"}
Output:
{
    "@version" => "1",
    "host" => "kafka",
    "@timestamp" => 2017-01-12T03:02:00.030Z,
    "message" => "{\"log_time\": \"12/Oct/2017:11:02:03 +0800\"}",
    "log_time" => "12/Oct/2017:11:02:03 +0800",
    "logdate" => "12/Oct/2017:11:02:03 +0800"
}
The month in @timestamp is wrong: no matter which month I input, the output is always January.
1 reply
simonlei
Here DD means day of the year, so it ignores the MMM that follows and treats all of your dates as being in January.
Use dd instead.
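
An added example (not part of the thread, and not Logstash or Joda-Time code): a simplified Python model of the pattern letters in the question's date filter, applied to the sample input from the question. It treats `D` as day of year, as the reply describes, and `S` as fraction of a second, which is how Joda-Time defines it; `TOKENS`, `parse`, `AS_POSTED` and `CORRECTED` are names made up for this sketch, and a numeric `Z` offset is assumed to be present.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Simplified model (an assumption, not Joda-Time itself) of the pattern
# letters used in the question: letter -> (field name, regex for its text).
TOKENS = {
    "D": ("day_of_year", r"\d{1,3}"), "d": ("day_of_month", r"\d{1,2}"),
    "M": ("month", r"[A-Za-z]{3}"),   "y": ("year", r"\d{4}"),
    "H": ("hour", r"\d{2}"),          "m": ("minute", r"\d{2}"),
    "s": ("second", r"\d{2}"),        "S": ("fraction", r"\d{1,3}"),
    "Z": ("offset", r"[+-]\d{4}"),
}

def parse(pattern, text):
    """Parse text with a Joda-style pattern; return a UTC ISO-8601 string."""
    regex = ""
    for run in re.finditer(r"([A-Za-z])\1*|.", pattern):
        letter = run.group(0)[0]
        if letter in TOKENS:
            name, rx = TOKENS[letter]
            regex += f"(?P<{name}>{rx})"
        else:
            regex += re.escape(run.group(0))   # separators such as / : space
    m = re.fullmatch(regex, text)
    if m is None:
        raise ValueError(f"{text!r} does not match {pattern!r}")
    f = m.groupdict()
    off = f["offset"]
    delta = timedelta(hours=int(off[1:3]), minutes=int(off[3:5]))
    tz = timezone(delta if off[0] == "+" else -delta)
    ts = datetime(int(f["year"]), 1, 1, int(f["hour"]), int(f["minute"]),
                  int(f.get("second") or 0), tzinfo=tz)
    if f.get("day_of_year"):      # D: counted from 1 January, month ignored
        ts += timedelta(days=int(f["day_of_year"]) - 1)
    else:                         # d: day within the parsed month
        ts = ts.replace(month=MONTHS.index(f["month"]) + 1,
                        day=int(f["day_of_month"]))
    if f.get("fraction"):         # S: fraction of a second, "03" -> 0.03 s
        ts += timedelta(microseconds=int(f["fraction"].ljust(6, "0")))
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"

SAMPLE = "12/Oct/2017:11:02:03 +0800"   # input quoted in the question
AS_POSTED = parse("DD/MMM/yyy:HH:mm:SS Z", SAMPLE)
CORRECTED = parse("dd/MMM/yyyy:HH:mm:ss Z", SAMPLE)
```

`AS_POSTED` reproduces the `2017-01-12T03:02:00.030Z` shown in the question, while `CORRECTED` yields `2017-10-12T03:02:03.000Z`, with both the month and the seconds preserved.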