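# Pull the bracketed leading timestamp out of `message` into `time` and keep the
# remainder of the line in `str`; the date block then tries to set @timestamp.
filter {
  grok {
    # The stock %{TIMESTAMP_ISO8601} pattern requires the hyphenated date form
    # ("2020-12-03 00:55:29.177"), so a compact date such as "20201203 00:55:29.177"
    # never matches. The explicit pattern below makes the date separators optional
    # so both forms are captured into `time`; the time-of-day part is the same
    # sequence TIMESTAMP_ISO8601 uses.
    match => {
      "message" => "\s*\[(?<time>%{YEAR}-?%{MONTHNUM}-?%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?)\]\s*(?<str>.*)"
    }
  }
  date {
    # NOTE(review): the grok above populates `time`, not `syslog_timestamp`, and the
    # syslog layout "MMM dd HH:mm:ss" does not describe the value it captures. Unless
    # an earlier filter sets `syslog_timestamp`, this match never succeeds and the
    # add_field/add_tag below (which only apply on a successful parse) never run.
    # Confirm which field and layout are intended.
    match => ["syslog_timestamp", "MMM dd HH:mm:ss"]
    add_field => { "zjzc" => "helloworld ,from %{syslog_timestamp}" }
    # `str` is the unparsed remainder of the incoming log line, so this tag is built
    # from untrusted input: whatever text follows the timestamp becomes a tag value
    # (unbounded tag cardinality, and any output routing keyed on tags can be steered
    # by log content). A fixed tag value is the safer choice here.
    add_tag => ["foo_%{str}", "tdd_%{syslog_timestamp}"]
  }
}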
上面的 grok 模式只能匹配
'[2020-12-03 00:55:29.177][RROR][example][rce]' 这种格式的日期，
不能匹配 '[20201203 00:55:29.177][RROR][example][rce]'。