<pre name="code" class="html">日期格式转换:

/***** nginx 访问日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\]"]

    }

    #date {

    #    match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]

    #}

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"

{

       "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",

      "@version" => "1",

    "@timestamp" => "2016-09-22T00:54:17.154Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:00:13:59 +0800"

}

打开时间转换:

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"

{

       "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",

      "@version" => "1",

    "@timestamp" => "2016-09-21T16:13:59.000Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:00:13:59 +0800"

}

/***** nginx 错误日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]

    }

    #date {

    #    match => ["time", "yyyy/MM/dd HH:mm:ss"]

    #}

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

关闭date插件:

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"

{

       "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",

      "@version" => "1",

    "@timestamp" => "2016-09-22T01:47:28.405Z",

          "host" => "0.0.0.0",

          "time" => "2016/09/22 08:36:55"

}

开启date插件:

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]

    }

    date {

        match => ["time", "yyyy/MM/dd HH:mm:ss"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"

{

       "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",

      "@version" => "1",

    "@timestamp" => "2016-09-22T00:36:55.000Z",

          "host" => "0.0.0.0",

          "time" => "2016/09/22 08:36:55"

}

/******tomcat access 日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]"]

    }

    date {

         match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] "POST /api/notice/page HTTP/1.1" 200 1194 0.055 121.40.169.62

{

       "message" => "10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] \"POST /api/notice/page HTTP/1.1\" 200 1194 0.055 121.40.169.62",

      "@version" => "1",

    "@timestamp" => "2016-09-21T23:59:04.000Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:07:59:04 +0800"

}

/**********tomcat catalina.out 日志

elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}  

filter {

   grok {

        match => ["message", "(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]

    }

    date {

        match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }  

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil

{

       "message" => "2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil",

      "@version" => "1",

    "@timestamp" => "2016-09-21T11:10:01.538Z",

          "host" => "0.0.0.0",

          "time" => "2016-09-21 19:10:01,538",

         "Level" => "INFO"

}  

/************mysql slow log



												


											
logstash 各种时间转换的更多相关文章
	

    
								
  1. Logstash:Data转换,分析,提取,丰富及核心操作
		
    Logstash:Data转换,分析,提取,丰富及核心操作 Logstash plugins Logstash是一个非常容易进行扩张的框架.它可以对各种的数据进行分析处理.这依赖于目前提供的超过200 ...
    
		
    2. 
						
  2. [jquery]将当前时间转换成yyyymmdd格式
		
    如题: function nowtime(){//将当前时间转换成yyyymmdd格式 var mydate = new Date(); var str = "" + mydate ...
    
		
    3. 
						
  3. MySQL 日期、时间转换函数
		
    MySQL 日期.时间转换函数:date_format(date,format), time_format(time,format) 能够把一个日期/时间转换成各种各样的字符串格式.它是 str_to ...
    
		
    4. 
						
  4. java时间类型的转换/获取当前时间/将时间转换成String/将String转换成时间
		
    对于我的脑子,我已经服气了...写了N遍的东西,就是记不住...既然记不住那就记下来... 利用java获取当前的时间(String类型,年-月-日 时:分:秒) //我要获取当前的日期 Date d ...
    
		
    5. 
						
  5. inner join ,left join ,right join 以及java时间转换
		
    1.inner join ,left join 与 right join (from 百度知道) 例表aaid adate1    a12    a23    a3表bbid  bdate1      ...
    
		
    6. 
						
  6. Python基本时间转换
		
    时间转换 python中处理时间的时候,最常用的就是字符形式与时间戳之间的转换. 把最基本的转换在这里记下来 string -> timestamp import time import dat ...
    
		
    7. 
						
  7. Date类型时间转换
		
    /* 时间转换start */ public static void main(String args[]) { Date nowTime = new Date(); System.out.print ...
    
		
    8. 
						
  8. unix环境C编程之日期时间转换
		
    1.理清概念 1.1.日历时间:   含义:国际标准时间1970年1月1日00:00:00以来经过的秒数.   数据类型:time_t.实际上是long的别名. 1.2.tm结构时间:   含义:结构 ...
    
		
    9. 
						
  9. php时间转换unix时间戳
		
    本文介绍了php编程中unix时间戳转换的小例子,有关php时间转换.php时间戳的实例代码,有需要的朋友参考下. 第一部分,php 时间转换unix 时间戳实现代码. 复制代码代码示例: <? ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. [LeetCode] 35. Search Insert Position 解决思路
			
    Given a sorted array and a target value, return the index if the target is found. If not, return the ...
    
			
    2. 
						
  2. enable ide
			
    http://pve.proxmox.com/wiki/Migration_of_servers_to_Proxmox_VE The vmware system consists of two dis ...
    
			
    3. 
						
  3. split
			
    import java.io.IOException; import org.jsoup.Jsoup; import org.jsoup.nodes.Document; /** * 解析知网文章的页面 ...
    
			
    4. 
						
  4. CornerStone 破解 最简单的破解方法
			
    方法一:最近在用cornerstone这个svn的软件感觉非常不错,但是竟然忘了破解,以至于到了14天试用期的最后一天才开始破解, 其实方法很简单,就是修高试用期的天数,找到plist文件把14天改为 ...
    
			
    5. 
						
  5. 转义字符和ASCII
			
    一.字符(char)   数字(int)   屏幕显示 '\n'                      10                   换行 '\0'                   ...
    
			
    6. 
						
  6. Sqoop是一款开源的工具,主要用于在HADOOP(Hive)与传统的数据库(mysql、oracle...)间进行数据的传递
			
    http://niuzhenxin.iteye.com/blog/1706203   Sqoop是一款开源的工具,主要用于在HADOOP(Hive)与传统的数据库(mysql.postgresql.. ...
    
			
    7. 
						
  7. JSP小实例--计算器
			
    package cn.com.caculate; import java.math.BigDecimal; public class caculate { private String firstNu ...
    
			
    8. 
						
  8. windows安装PHP5.4.13 +Apache2.4.4(转)
			
    下载了PHP5.4.13 +Apache2.4.4,开始在网上下教程. 环境配置遇到的第一个问题就是网上很多教程是针对老版本的PHP和apache,不得不搜了很久才搜到这篇文章. windows安装P ...
    
			
    9. 
						
  9. [小工具] Command-line CPU Killer(附源码及下载链接)
			
    博主有次在拆卸自己的笔记本电脑后,发现电脑如果静置时间长了有时会重启,但奇怪的是当我自己在电脑前工作的时候从来没有重启过.据此推测可能 CPU 完全空闲的时候风扇完全停转了,虽然 CPU 温度不高,但 ...
    
			
    10. 
						
  10. 网页、JavaScript 的DOM操作
			
    HTML DOM (文档对象模型) 当网页被加载时,浏览器会创建页面的文档对象模型(Document Object Model). HTML DOM 模型被构造为对象的树.  Windows 对象操作 ...
    
			
    11.