openstack
/
logstash-filters
Code Issues Proposed changes

Parse timestamps in libvirt logs properly. 

The libvirt logs use a slightly different timestamp than the other log
files (iso8601 including the timezone offset) which makes logstash
unhappy when it receives these timestamps. Parse them properly to keep
logstash logs under control and hopefully happy.

Change-Id: I18b7f263d083d9babbdf1404298cb7def0b8501a
This commit is contained in:
Clark Boylan 2014-02-11 11:31:19 -08:00
parent e78d152c2a
commit 1fd943286c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
indexer.conf.erb
View File

@ -102,7 +102,7 @@ filter {
if ! ("_grokparsefailure" in [tags]) {
date {
match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "dd/MMM/yyyy:HH:mm:ss Z" ]
match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss", "dd/MMM/yyyy:HH:mm:ss Z", "yyyy-MM-dd HH:mm:ss.SSSZ" ]
timezone => "UTC"
}
mutate {