logstash 各類時間轉換
<pre name="code" class="html">日期格式轉換:
/***** nginx 訪問日誌
[elk@zjtest7-frontend config]$ cat stdin02.conf
input {
stdin {
}
}
filter {
grok {
match => ["message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\]"]
}
#date {
# match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
#}
}
output {
stdout {
codec=>rubydebug{}
}
}
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf
Settings: Default pipeline workers: 1
Pipeline main started
10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"
{
"message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",
"@version" => "1",
"@timestamp" => "2016-09-22T00:54:17.154Z",
"host" => "0.0.0.0",
"clientip" => "10.171.246.184",
"time" => "22/Sep/2016:00:13:59 +0800"
}
打開時間轉換:
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf
Settings: Default pipeline workers: 1
Pipeline main started
10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"
{
"message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",
"@version" => "1",
"@timestamp" => "2016-09-21T16:13:59.000Z",
"host" => "0.0.0.0",
"clientip" => "10.171.246.184",
"time" => "22/Sep/2016:00:13:59 +0800"
}
/***** nginx 錯誤日誌
[elk@zjtest7-frontend config]$ cat stdin02.conf
input {
stdin {
}
}
filter {
grok {
match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]
}
#date {
# match => ["time", "yyyy/MM/dd HH:mm:ss"]
#}
}
output {
stdout {
codec=>rubydebug{}
}
}
關閉date插件:
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf
Settings: Default pipeline workers: 1
Pipeline main started
2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"
{
"message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",
"@version" => "1",
"@timestamp" => "2016-09-22T01:47:28.405Z",
"host" => "0.0.0.0",
"time" => "2016/09/22 08:36:55"
}
開啓date插件:
[elk@zjtest7-frontend config]$ cat stdin02.conf
input {
stdin {
}
}
filter {
grok {
match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]
}
date {
match => ["time", "yyyy/MM/dd HH:mm:ss"]
}
}
output {
stdout {
codec=>rubydebug{}
}
}
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf
Settings: Default pipeline workers: 1
Pipeline main started
2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"
{
"message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",
"@version" => "1",
"@timestamp" => "2016-09-22T00:36:55.000Z",
"host" => "0.0.0.0",
"time" => "2016/09/22 08:36:55"
}
/******tomcat access 日誌
[elk@zjtest7-frontend config]$ cat stdin02.conf
input {
stdin {
}
}
filter {
grok {
match => ["message", "\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]"]
}
date {
match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
}
}
output {
stdout {
codec=>rubydebug{}
}
}
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf
Settings: Default pipeline workers: 1
Pipeline main started
10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] "POST /api/notice/page HTTP/1.1" 200 1194 0.055 121.40.169.62
{
"message" => "10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] \"POST /api/notice/page HTTP/1.1\" 200 1194 0.055 121.40.169.62",
"@version" => "1",
"@timestamp" => "2016-09-21T23:59:04.000Z",
"host" => "0.0.0.0",
"clientip" => "10.171.246.184",
"time" => "22/Sep/2016:07:59:04 +0800"
}
/**********tomcat catalina.out 日誌
elk@zjtest7-frontend config]$ cat stdin02.conf
input {
stdin {
}
}
filter {
grok {
match => ["message", "(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]
}
date {
match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
}
}
output {
stdout {
codec=>rubydebug{}
}
}
[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf
Settings: Default pipeline workers: 1
Pipeline main started
2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil
{
"message" => "2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil",
"@version" => "1",
"@timestamp" => "2016-09-21T11:10:01.538Z",
"host" => "0.0.0.0",
"time" => "2016-09-21 19:10:01,538",
"Level" => "INFO"
}
/************mysql slow log
相關文章
- 1. logstash 各類時間轉換
- 2. java8中時間的各類轉換(LocalDateTime)
- 3. android 時間格式 各類轉換
- 4. 時間戳與各類時間格式之間的轉換
- 5. Aandroid上的時間轉換(將時間轉換成各類格式)
- 6. java各類時間類型之間的轉換
- 7. logstash mutate 類型轉換
- 8. js 各式各樣的時間計算以及時間轉換
- 9. Teradata 時間類型轉換
- 10. Java時間類型轉換
- 更多相關文章...
- • C# 類型轉換 - C#教程
- • Swift 類型轉換 - Swift 教程
- • Kotlin學習(二)基本類型
- • 爲了進字節跳動,我精選了29道Java經典算法題,帶詳細講解
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. No provider available from registry 127.0.0.1:2181 for service com.ddbuy.ser 解決方法
- 2. Qt5.7以上調用虛擬鍵盤(支持中文),以及源碼修改(可拖動,水平縮放)
- 3. 軟件測試面試- 購物車功能測試用例設計
- 4. ElasticSearch(概念篇):你知道的, 爲了搜索…
- 5. redux理解
- 6. gitee創建第一個項目
- 7. 支持向量機之硬間隔(一步步推導,通俗易懂)
- 8. Mysql 異步複製延遲的原因及解決方案
- 9. 如何在運行SEPM配置嚮導時將不可認的複雜數據庫密碼改爲簡單密碼
- 10. windows系統下tftp服務器使用
歡迎關注本站公眾號,獲取更多信息
