logstash date插件

来源:互联网 发布:美国反对美国 知乎 编辑:程序博客网 时间:2021/02/25 07:48
[elk@dr-mysql01 api-access]$ dateWed Nov 30 19:21:35 CST 2016[elk@dr-mysql01 api-access]$ [elk@dr-mysql01 config]$  ../bin/logstash -f stdin02.conf Settings: Default pipeline workers: 8Pipeline main started12/Sep/2016:21:32:33 +0800{       "message" => "12/Sep/2016:21:32:33 +0800",      "@version" => "1",    "@timestamp" => "2016-11-30T11:21:57.442Z",  ##时间为当前系统时间          "host" => "dr-mysql01.zjcap.com",       "logdate" => "12/Sep/2016:21:32:33 +0800"}[elk@dr-mysql01 config]$  ../bin/logstash -f stdin02.conf Settings: Default pipeline workers: 8Pipeline main started12/Sep/2016:21:32:33 +0800{          "message" => "12/Sep/2016:21:32:33 +0800",         "@version" => "1",       "@timestamp" => "2016-09-12T13:32:33.000Z",             "host" => "dr-mysql01.zjcap.com",          "logdate" => "12/Sep/2016:21:32:33 +0800",    "response_time" => "12/Sep/2016:21:32:33 +0800"}c[elk@dr-mysql01 config]$ cat stdin02.conf input {    stdin {    }}filter {    grok {        match => ["message", "%{HTTPDATE:logdate}"]    }    date {        match => ["logdate", "dd/MMM/yyyy:HH:mm:ss Z"]        add_field =>["response_time","%{logdate}"]    }}output { stdout {  codec=>rubydebug{}   } }/****************iss日志2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45[elk@dr-mysql01 config]$ cat iss.conf input {    stdin {    }}filter {    grok {        match => [             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"                ]       }         date {        match => ["time", "yyyy-MM-dd HH:mm:ss"]    }}output { stdout {                        codec => rubydebug                }   }[elk@dr-mysql01 config]$ ../bin/logstash -f iss.conf Settings: Default pipeline workers: 8Pipeline main started2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45{            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",           "@version" => "1",         "@timestamp" => "2016-11-29T22:33:33.000Z",               "host" => "dr-mysql01.zjcap.com",               "time" => "2016-11-30 06:33:33",           "clientip" => "192.168.5.116",               "verb" => "GET",            "request" => "/Hotel/HotelDisplay/cncqcqb230",               "port" => "80",           "sourceip" => "192.168.9.2",    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko "[elk@dr-mysql01 config]$ cat iss.conf input {    stdin {    }}filter {    grok {        match => [             "message" ,"\s*(?<time>([0-9]{4}\-[0-9]{2}\-[0-9]{2}\s+[0-9]{2}:[0-9]{2}:[0-9]{2}))\s+%{IPORHOST:clientip}\s+%{WORD:verb}\s+%{URIPATHPARAM:request}\s+\-\s+(?<port>([0-9]{2}.*?))\s+\-\s+%{IPORHOST:sourceip}\s+(?<http_user_agent>(\S+\s+).*?).*"                ]       }         date {        match => ["time", "yyyy-MM-dd HH:mm:ss Z"]    }}output { stdout {                        codec => rubydebug                }   }[elk@dr-mysql01 config]$ ../bin/logstash -f iss.conf Settings: Default pipeline workers: 8Pipeline main started2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45Failed parsing date from field {:field=>"time", :value=>"2016-11-30 06:33:33", :exception=>"Invalid format: \"2016-11-30 06:33:33\" is too short", :config_parsers=>"yyyy-MM-dd HH:mm:ss Z", :config_locale=>"default=en_US", :level=>:warn}{            "message" => "2016-11-30 06:33:33 192.168.5.116 GET /Hotel/HotelDisplay/cncqcqb230 - 80 - 192.168.9.2 Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko - 200 0 0 45",           "@version" => "1",         "@timestamp" => "2016-11-30T11:28:32.972Z",               "host" => "dr-mysql01.zjcap.com",               "time" => "2016-11-30 06:33:33",           "clientip" => "192.168.5.116",               "verb" => "GET",            "request" => "/Hotel/HotelDisplay/cncqcqb230",               "port" => "80",           "sourceip" => "192.168.9.2",    "http_user_agent" => "Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X+10.9;+en-US;+rv:1.9pre)+Gecko ",               "tags" => [        [0] "_dateparsefailure"    ]}

0 0