案例 日志格式:

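  • | - | 08/Mar/2018:03:31:14 +0800 匹配配置文件:
    # Test pipeline: read lines from stdin, extract the access-log timestamp,
    # use it as the event's @timestamp, and print the parsed event.
    # Expected line shape: <user> | <user> | <HTTPDATE>, for example
    #   - | - | 08/Mar/2018:03:31:14 +0800
    # (the bullet shown on the page is presumably the first "-" field, rendered as a list marker).
    input {
      stdin { }
    }

    filter {
      grok {
        # "|" is regex alternation inside a grok expression. Left unescaped, the
        # pattern is three independent alternatives, and the first one (%{USER}
        # followed by a space) already matches the leading "- ". Grok then reports
        # success without ever capturing "timestamp". Escaping the separators makes
        # all three fields mandatory, so a malformed line gets tagged
        # _grokparsefailure instead of passing silently.
        match => [ "message", "%{USER} \| %{USER} \| %{HTTPDATE:timestamp}" ]
      }
      date {
        # Without a "timestamp" field this filter does nothing and @timestamp stays
        # at ingestion time, which skews any timeline built from these logs.
        # A value that is present but unparsable is tagged _dateparsefailure.
        match  => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
        # Month abbreviations such as "Mar" are English, independent of the host locale.
        locale => "en"
      }
    }

    output {
      # rubydebug prints every field, so the captured timestamp and any failure
      # tags can be checked by eye.
      stdout {
        codec => rubydebug { }
      }
    }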