bpaquet / node-logstash

Simple logstash implementation in nodejs : file log collection, sent with zeromq

Question: syslog time as @timestamp using grok filter #83

Closed megastef closed 9 years ago

megastef commented 9 years ago

my filter: filter://grok://?grok=%{SYSLOGTIMESTAMP:sys_log_time} %{DATA:message}

How can I define that sys_log_time is parsed and used in the @timestamp field?

bpaquet commented 9 years ago

This should work: use %{SYSLOGTIMESTAMP:timestamp} in the grok expression, and add the date_format parameter to parse the date. Date formats are documented here: http://momentjs.com/docs/#/parsing/string-format/

Bertrand


megastef commented 9 years ago

cool thx!