  • logstash: various time conversions

    <pre name="code" class="html">Date format conversion:
    
    /***** nginx access log
    [elk@zjtest7-frontend config]$ cat stdin02.conf 
    input {
        stdin {
        }
    }
    filter {
        grok {
            match => ["message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\]"]
        }
        #date {
        #    match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
        #}
    }
    output {
     stdout {
      codec=>rubydebug{}
       }
     }
    
    [elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 1
    Pipeline main started
     10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/" 
    {
           "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/" ",
          "@version" => "1",
        "@timestamp" => "2016-09-22T00:54:17.154Z",
              "host" => "0.0.0.0",
          "clientip" => "10.171.246.184",
              "time" => "22/Sep/2016:00:13:59 +0800"
    }
    
    
    With the date conversion enabled (the date block uncommented):
    [elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 1
    Pipeline main started
     10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/" 
    {
           "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/" ",
          "@version" => "1",
        "@timestamp" => "2016-09-21T16:13:59.000Z",
              "host" => "0.0.0.0",
          "clientip" => "10.171.246.184",
              "time" => "22/Sep/2016:00:13:59 +0800"
    }
    
    
    
    /***** nginx error log
    [elk@zjtest7-frontend config]$ cat stdin02.conf 
    input {
        stdin {
        }
    }
    filter {
        grok {
            match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]
        }
        #date {
        #    match => ["time", "yyyy/MM/dd HH:mm:ss"]
        #}
    }
    output {
     stdout {
      codec=>rubydebug{}
       }
     }
     
    With the date plugin disabled:
    [elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 1
    Pipeline main started
     2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"
    {
           "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"",
          "@version" => "1",
        "@timestamp" => "2016-09-22T01:47:28.405Z",
              "host" => "0.0.0.0",
              "time" => "2016/09/22 08:36:55"
    }
    
    
    
    With the date plugin enabled:
    
    
    [elk@zjtest7-frontend config]$ cat stdin02.conf 
    input {
        stdin {
        }
    }
    filter {
        grok {
            match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]
        }
        date {
            match => ["time", "yyyy/MM/dd HH:mm:ss"]
        }
    }
    output {
     stdout {
      codec=>rubydebug{}
       }
     }
     
    [elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 1
    Pipeline main started
     2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"
    {
           "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"",
          "@version" => "1",
        "@timestamp" => "2016-09-22T00:36:55.000Z",
              "host" => "0.0.0.0",
              "time" => "2016/09/22 08:36:55"
    }
    
    
    /******tomcat access log
    [elk@zjtest7-frontend config]$ cat stdin02.conf 
    input {
        stdin {
        }
    }
    filter {
        grok {
            match => ["message", "\s*%{IPORHOST:clientip}\s+-\s+-\s+\[%{HTTPDATE:time}\]"]
        }
        date {
             match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
        }
    }
    output {
     stdout {
      codec=>rubydebug{}
       }
     }
    
    
    [elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf 
    Settings: Default pipeline workers: 1
    Pipeline main started
    10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] "POST /api/notice/page HTTP/1.1" 200 1194 0.055 121.40.169.62
    {
           "message" => "10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] "POST /api/notice/page HTTP/1.1" 200 1194 0.055 121.40.169.62",
          "@version" => "1",
        "@timestamp" => "2016-09-21T23:59:04.000Z",
              "host" => "0.0.0.0",
          "clientip" => "10.171.246.184",
              "time" => "22/Sep/2016:07:59:04 +0800"
    }
    
    /**********tomcat catalina.out log
    
    [elk@zjtest7-frontend config]$ cat stdin02.conf   
    input {  
        stdin {  
        }  
    }  
      
    filter {  
       grok {    
            match => ["message", "(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]    
        }   
        date {  
            match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]  
        }  
    }  
    output {  
     stdout {  
      codec=>rubydebug{}  
       }  
     }  
       
    [elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf   
    Settings: Default pipeline workers: 1  
    Pipeline main started  
    2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil  
    {  
           "message" => "2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil",  
          "@version" => "1",  
        "@timestamp" => "2016-09-21T11:10:01.538Z",  
              "host" => "0.0.0.0",  
              "time" => "2016-09-21 19:10:01,538",  
             "Level" => "INFO"  
    }  
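
The nginx error log and catalina.out timestamps above carry no UTC offset, so the resulting `@timestamp` depends on the time zone of the host doing the parsing. The following Python sketch is an added example, not part of the original post: it reproduces the conversions shown in the transcripts and measures the skew when such a value is parsed on a host in another zone. The UTC+8 host zone is an assumption inferred from the page's output, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the Logstash host in the transcripts runs at UTC+8, which is
# what the page's output implies (08:36:55 local became 00:36:55Z).
HOST_TZ = timezone(timedelta(hours=8))

# strptime equivalents of the Joda patterns used in the date filters above.
FORMATS = {
    "access": "%d/%b/%Y:%H:%M:%S %z",    # dd/MMM/yyyy:HH:mm:ss Z
    "nginx_error": "%Y/%m/%d %H:%M:%S",  # yyyy/MM/dd HH:mm:ss
    "catalina": "%Y-%m-%d %H:%M:%S,%f",  # yyyy-MM-dd HH:mm:ss,SSS
}

def to_event_timestamp(raw, kind, default_tz=HOST_TZ):
    """Return the UTC @timestamp string for a raw log time.

    A value that carries its own offset ignores default_tz; a value
    without one is interpreted in default_tz, as a parser on that host
    would interpret it.
    """
    parsed = datetime.strptime(raw, FORMATS[kind])
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=default_tz)
    utc = parsed.astimezone(timezone.utc)
    millis = utc.microsecond // 1000
    return utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{millis:03d}Z"

def skew_hours(raw, kind, assumed_tz):
    """Hours of error if the value is parsed on a host in assumed_tz."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ"
    right = datetime.strptime(to_event_timestamp(raw, kind), fmt)
    wrong = datetime.strptime(to_event_timestamp(raw, kind, assumed_tz), fmt)
    return (wrong - right).total_seconds() / 3600

if __name__ == "__main__":
    # Sample values copied from the log lines in the transcripts above.
    samples = [
        ("22/Sep/2016:00:13:59 +0800", "access"),
        ("2016/09/22 08:36:55", "nginx_error"),
        ("2016-09-21 19:10:01,538", "catalina"),
    ]
    for raw, kind in samples:
        print(kind, to_event_timestamp(raw, kind),
              "skew on a UTC host:", skew_hours(raw, kind, timezone.utc))
```

In Logstash itself, the date filter's `timezone` option pins the zone for offset-less formats so that events from different hosts line up on one timeline.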
    
    /************mysql slow log
    
    
    
    
    


    
    
    
                                        
    
  • Original article: https://www.cnblogs.com/hzcya1995/p/13350233.html