logging - Formatting Windows timestamp using Logstash
I have integrated Windows event logs with Logstash. The timestamp on the Windows event logs looks like this: 20131007071942.087375-000
To convert the timestamp to a readable one, I have used the date filter on Logstash.
date{ match => [ "timegenerated", "yyyymmddhhmmss.ssssss-sss" ] }
This gives me an error:
failed parsing date field {:field=>"timegenerated", :value=>"20131007080720.040037- 000", :exception=>java.lang.illegalargumentexception: invalid format: "20131007080720.040037- 000" short, :level=>:warn}
It would be great if someone could help me fix this. Thanks.
Try using the grok debugger:
http://grokdebug.herokuapp.com/
and looking at the existing regex patterns: https://github.com/logstash/logstash/tree/master/patterns
To get started:
%{YEAR:yyyy}%{MONTHNUM:mm}%{MONTHDAY:dd}%{GREEDYDATA:remainder}
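A stand-alone way to check how values like the ones in the question break down, as an added example that is not part of the original question or answer. It assumes the field is a WMI/CIM datetime (`yyyymmddHHMMSS.mmmmmm`, then a sign and a three-digit UTC offset in minutes); `parse_cim_datetime` is a hypothetical helper name.

```ruby
require 'time'

# Assumed layout (CIM datetime): yyyymmddHHMMSS.mmmmmm, then a sign and a
# three-digit UTC offset in minutes. The optional space after the sign is
# tolerated because the value in the error message above contains one.
CIM_DATETIME = /\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})\.(\d{6})([+-])\s?(\d{3})\z/

# Hypothetical helper: returns a UTC Time, or nil when the value does not
# match the layout or names an impossible date. Wildcard (*) fields and
# interval values are not handled and return nil.
def parse_cim_datetime(raw)
  m = CIM_DATETIME.match(raw.to_s.strip)
  return nil unless m

  year, month, day, hour, min, sec, usec = m.captures.first(7).map(&:to_i)
  offset_min = m[9].to_i
  offset_min = -offset_min if m[8] == '-'

  begin
    local = Time.utc(year, month, day, hour, min, sec, usec)
  rescue ArgumentError
    return nil
  end
  # Time.utc silently rolls over values such as 31 February or hour 24.
  return nil unless local.month == month && local.day == day && local.hour == hour

  # The digits are local time; local = UTC + offset, so subtract the offset.
  local - offset_min * 60
end

# Constructed sample values; the first two are the ones quoted in the question.
if __FILE__ == $PROGRAM_NAME
  ['20131007071942.087375-000', '20131007080720.040037- 000',
   '20131007071942.087375+120', '20130231071942.087375-000'].each do |v|
    t = parse_cim_datetime(v)
    puts "#{v.inspect} -> #{t ? t.iso8601(6) : 'rejected'}"
  end
end
```

Rejected values come back as `nil`, so a caller can tag or route unparseable events separately from correctly timestamped ones.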