Hi guys, I persist in this same thread 😞 and now have this scenario. My parser with lognormalizer is okay ... but when I redirect to Elasticsearch the timestamp is not recognized.
I have this data (exim log):
2016-11-16 08:58:00
my parser:
%day: date-iso% %time: word%

In this case I have two variables for a timestamp. I need those two variables to be just one variable to provide to Elasticsearch, so that it is recognized as a real timestamp. With my scenario ES does not recognize my timestamp.

~Regards

On Fri, 4 Nov 2016 at 07:32 Leandro do Nascimento Bernardo <[email protected]> wrote:

> Thanks again Matthew!
>
> ~Regards
> Leandro Bernardo
>
> On Thu, 3 Nov 2016 at 13:12 matthew.gaetano <[email protected]> wrote:
>
> You can find all the documentation @
> http://www.liblognorm.com/files/manual/index.html
>
> When using the "char-to" field type you need to set the extra data parameter so
> it knows what character to stop at. In your example it would be
> %hour:char-to:-% where "-" represents the character after the hour.
> Remember that you will still need to account for "-" as a literal afterwards.
>
> That said, you could also just use the field type "date-iso" to capture your
> date string, depending on what you're trying to do.
>
> ~Regards
>
> Matthew Gaetano
>
> --
> View this message in context:
> http://rsyslog-users.1305293.n2.nabble.com/Rsyslog-to-JSON-parser-tp7591413p7591440.html
> Sent from the rsyslog-users mailing list archive at Nabble.com.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
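Added example, not part of the original thread and not liblognorm or rsyslog code: a small Python emulation of the three field types named above (word, date-iso, char-to), showing what the two-field rule yields for the exim line, why char-to needs its stop character and the literal after it, and one way to join day and time into a single ISO 8601 value. The function names and the "08-58" input are constructed, the rule is written without the spaces after the colons, and the target Elasticsearch field is assumed to use an ISO 8601 date format.

```python
import re
from datetime import datetime

FIELD = re.compile(r"%([\w-]+):([\w-]+)(?::([^%]+))?%")  # %name:type[:extra]%

def _consume(ftype, extra, text):
    """Emulate one field type; return how many characters it consumes, or None."""
    if ftype == "word":                      # up to the next space
        m = re.match(r"[^ ]+", text)
    elif ftype == "date-iso":                # YYYY-MM-DD
        m = re.match(r"\d{4}-\d{2}-\d{2}", text)
    elif ftype == "char-to":                 # up to, not including, the stop character
        if not extra:
            raise ValueError("char-to needs its stop character as extra data")
        stop = re.escape(extra[0])
        m = re.match("[^%s]+(?=%s)" % (stop, stop), text)
    else:
        raise ValueError("field type not emulated here: " + ftype)
    return m.end() if m else None

def normalize(rule, line):
    """Match literals and fields left to right; return the field dict or None."""
    out, pos, last = {}, 0, 0
    for f in FIELD.finditer(rule):
        literal = rule[last:f.start()]
        if not line.startswith(literal, pos):
            return None                      # literal text in the rule must match exactly
        pos += len(literal)
        name, ftype, extra = f.groups()
        n = _consume(ftype, extra, line[pos:])
        if n is None:
            return None
        out[name] = line[pos:pos + n]
        pos, last = pos + n, f.end()
    return out if line[pos:] == rule[last:] else None

def to_es_timestamp(fields):
    """Join the separate day and time fields into one ISO 8601 string."""
    dt = datetime.strptime(fields["day"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    return dt.isoformat()

RULE = "%day:date-iso% %time:word%"          # the rule from the post
SAMPLE = "2016-11-16 08:58:00"               # the exim timestamp from the post

if __name__ == "__main__":
    fields = normalize(RULE, SAMPLE)
    print(fields, "->", to_es_timestamp(fields))
    # Constructed input: char-to stops before "-", which must follow as a literal.
    print(normalize("%hour:char-to:-%-%rest:word%", "08-58"))
    print(normalize("%hour:char-to:-%", "08-58"))  # None: the "-" is unaccounted for
```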

