date是用来处理时间的插件
1.替换@timestamp时间戳:timestamp是从日志抽取出来的时间,后面是匹配timestamp的时间格式
1)时间格式:2018-02-06T12:37:17.513+0800
配置格式:
date{
match => ["timestamp","ISO8601","yyyy-MM-dd'T'HH:mm:ss.SSSZZ"]
target => "@timestamp"
}
2)时间格式:2018-02-06T12:37:17.513+0800
配置格式:
date{
match => ["timestamp","yyyy-MM-dd HH:mm:ss,SSS"]
target => "@timestamp"
}
1.替换@timestamp时间戳:timestamp是从日志抽取出来的时间,后面是匹配timestamp的时间格式
1)时间格式:2018-02-06T12:37:17.513+0800
配置格式:
date{
match => ["timestamp","ISO8601","yyyy-MM-dd'T'HH:mm:ss.SSSZZ"]
target => "@timestamp"
}
2)时间格式:2018-02-06T12:37:17.513+0800
配置格式:
date{
match => ["timestamp","yyyy-MM-dd HH:mm:ss,SSS"]
target => "@timestamp"
}