If your data has a time/date field, e.g. the syslog time, and you want @timestamp to match it, do the following:
Add to filter {}:
date {
  match => [ "logtime", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ] # syslog pattern
  target => "@timestamp"
  timezone => "UTC" # set the timezone to the one your logs are originally in
}
The 'logtime' field is my syslog date field.
Logstash Version: 5.4.1-1
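A full pipeline around the date filter above, as an added example that is not from the original post: it shows where a 'logtime' field can come from and how to flag events whose @timestamp could not be taken from the log line. The stdin input, the grok expression, and the field names "logmessage" and "timestamp_source" are assumptions made for illustration.

```logstash
# Added example. Only "logtime" comes from the post; other field names are hypothetical.
# Constructed test line to paste on stdin:
#   Jun  3 04:05:06 host1 sshd[311]: session opened
input { stdin { } }

filter {
  # Pull the leading syslog timestamp into "logtime" and the rest into "logmessage".
  grok {
    match => { "message" => "^%{SYSLOGTIMESTAMP:logtime} %{GREEDYDATA:logmessage}" }
  }

  date {
    # RFC 3164 pads single-digit days with a space ("Jun  3"),
    # so a two-space pattern is listed alongside the post's two patterns.
    match => [ "logtime", "MMM  d HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    target => "@timestamp"
    timezone => "UTC"                          # zone the logs were written in
    tag_on_failure => [ "_dateparsefailure" ]  # the plugin's default tag, shown explicitly
  }

  # If grok found no timestamp or the date filter could not parse it,
  # @timestamp is still the ingest time. Record which one the event carries
  # so ingest-time events are not mistaken for log-time events in a timeline.
  if [logtime] and "_dateparsefailure" not in [tags] {
    mutate { add_field => { "timestamp_source" => "logtime" } }
  } else {
    mutate { add_field => { "timestamp_source" => "ingest" } }
  }
}

output { stdout { codec => rubydebug } }
```

Events marked "ingest" are the ones to review: their @timestamp reflects when Logstash read the line, not when the logged action happened.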