日期格式怎么匹配问题?
来源:12-4 filter插件之grok简介(上)
苦瓜苦也
2020-03-02
原来的日志格式是
Mar 2 13:02:10 h5_161_238 postfix/qmgr[1542]: 5B901C042F: removed
{
"date" : {
"field" : "systime",
"target_field" : "@timestamp",
"formats" : [
"MMM dd HH:mm:ss"
],
"timezone" : "Asia/Shanghai"
}
}
}
"caused_by":{"type":"illegal_argument_exception","reason":"failed to parse date field [Mar 2 16:31:01] with format [MMM dd HH:mm:ss]","caused_by":{"type":"date_time_parse_exception","reason":"date_time_parse_exception: Text 'Mar 2 16:31:01' could not be parsed at index 5"}}}
报错这个怎么date.formats匹配呢?查了官网文档还是不会?
https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-date-format.html
写回答
2回答
-
可以考虑用 ruby filter 处理一下
012020-03-06 -
rockybean
2020-03-04
没有 year 的信息,那么没法解析成日期
00
相似问题
h3c syslog日志格式问题
回答 1
怎么精确匹配结果
回答 1