<pre name="code" class="html">日期格式转换:

/***** nginx 访问日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\]"]

    }

    #date {

    #    match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]

    #}

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"

{

       "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",

      "@version" => "1",

    "@timestamp" => "2016-09-22T00:54:17.154Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:00:13:59 +0800"

}

打开时间转换:

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"

{

       "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",

      "@version" => "1",

    "@timestamp" => "2016-09-21T16:13:59.000Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:00:13:59 +0800"

}

/***** nginx 错误日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]

    }

    #date {

    #    match => ["time", "yyyy/MM/dd HH:mm:ss"]

    #}

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

关闭date插件:

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"

{

       "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",

      "@version" => "1",

    "@timestamp" => "2016-09-22T01:47:28.405Z",

          "host" => "0.0.0.0",

          "time" => "2016/09/22 08:36:55"

}

开启date插件:

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]

    }

    date {

        match => ["time", "yyyy/MM/dd HH:mm:ss"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"

{

       "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",

      "@version" => "1",

    "@timestamp" => "2016-09-22T00:36:55.000Z",

          "host" => "0.0.0.0",

          "time" => "2016/09/22 08:36:55"

}

/******tomcat access 日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]"]

    }

    date {

         match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] "POST /api/notice/page HTTP/1.1" 200 1194 0.055 121.40.169.62

{

       "message" => "10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] \"POST /api/notice/page HTTP/1.1\" 200 1194 0.055 121.40.169.62",

      "@version" => "1",

    "@timestamp" => "2016-09-21T23:59:04.000Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:07:59:04 +0800"

}

/**********tomcat catalina.out 日志

elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}  

filter {

   grok {

        match => ["message", "(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]

    }

    date {

        match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }  

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil

{

       "message" => "2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil",

      "@version" => "1",

    "@timestamp" => "2016-09-21T11:10:01.538Z",

          "host" => "0.0.0.0",

          "time" => "2016-09-21 19:10:01,538",

         "Level" => "INFO"

}  

/************mysql slow log



												


											
logstash 各种时间转换的更多相关文章
	

    
								
  1. Logstash:Data转换,分析,提取,丰富及核心操作
		
    Logstash:Data转换,分析,提取,丰富及核心操作 Logstash plugins Logstash是一个非常容易进行扩张的框架.它可以对各种的数据进行分析处理.这依赖于目前提供的超过200 ...
    
		
    2. 
						
  2. [jquery]将当前时间转换成yyyymmdd格式
		
    如题: function nowtime(){//将当前时间转换成yyyymmdd格式 var mydate = new Date(); var str = "" + mydate ...
    
		
    3. 
						
  3. MySQL 日期、时间转换函数
		
    MySQL 日期.时间转换函数:date_format(date,format), time_format(time,format) 能够把一个日期/时间转换成各种各样的字符串格式.它是 str_to ...
    
		
    4. 
						
  4. java时间类型的转换/获取当前时间/将时间转换成String/将String转换成时间
		
    对于我的脑子,我已经服气了...写了N遍的东西,就是记不住...既然记不住那就记下来... 利用java获取当前的时间(String类型,年-月-日 时:分:秒) //我要获取当前的日期 Date d ...
    
		
    5. 
						
  5. inner join ,left join ,right join 以及java时间转换
		
    1.inner join ,left join 与 right join (from 百度知道) 例表aaid adate1    a12    a23    a3表bbid  bdate1      ...
    
		
    6. 
						
  6. Python基本时间转换
		
    时间转换 python中处理时间的时候,最常用的就是字符形式与时间戳之间的转换. 把最基本的转换在这里记下来 string -> timestamp import time import dat ...
    
		
    7. 
						
  7. Date类型时间转换
		
    /* 时间转换start */ public static void main(String args[]) { Date nowTime = new Date(); System.out.print ...
    
		
    8. 
						
  8. unix环境C编程之日期时间转换
		
    1.理清概念 1.1.日历时间:   含义:国际标准时间1970年1月1日00:00:00以来经过的秒数.   数据类型:time_t.实际上是long的别名. 1.2.tm结构时间:   含义:结构 ...
    
		
    9. 
						
  9. php时间转换unix时间戳
		
    本文介绍了php编程中unix时间戳转换的小例子,有关php时间转换.php时间戳的实例代码,有需要的朋友参考下. 第一部分,php 时间转换unix 时间戳实现代码. 复制代码代码示例: <? ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. Android中ListView通过BaseAdapter实现数据的绑定
			
    1. public class ListFiles extends Activity { ListView Listview=null; protected void onCreate(Bundle  ...
    
			
    2. 
						
  2. HDU5107---K-short Problem (线段树区间 合并、第k大)
			
    题意:二维平面上 N 个高度为 Hi 建筑物,M次询问,每次询问输出 位于坐标(x ,y)左下角(也就是xi <= x && yi <= y)的建筑物中的第k高的建筑物的高 ...
    
			
    3. 
						
  3. eclipse svn插件安装
			
    1,在线直接安装 help --> Eclipse Marketplace 2,下载subclipse.zip 把features.plugins拷贝到eclipse安装目录 3,直接把subc ...
    
			
    4. 
						
  4. word-wrap: break-word 和 word-break: break-all 到底有啥区别?
			
    做项目改bug的时候,遇到过好多次,要么是文本超出文本区域,或者单词太长(一般是url链接中的一些鬼),把装它的标签强制撑大,导致一些响应式问题.除此之外,还有很多问题,每次都是恍然醒悟,然后又在网上 ...
    
			
    5. 
						
  5. 【转】windows下vs2008/2010+opencv2.2开发环境搭建
			
    版权声明:本文为博主原创文章,未经博主允许不得转载. 1.下载安装Cmake 2.用cmake配置opencv2.2,然后编译,安装 3. 在vs2008中配置opencv2.2 4.Demo 1.下 ...
    
			
    6. 
						
  6. HRBUST 1987 逃课的孩子
			
    Sol:HASH + 二分  字符串处理,很基础的操作. 题意很明确就是找重复的次数统计下,范围比较大1≤n≤10000,1≤m≤10000. #include <cstdio> #inc ...
    
			
    7. 
						
  7. 集成容联:Warning! ivar size mismatch in PSUICollectionView_ - can't change the superclass.解决办法
			
    这个警报其实是无影响的. 解决方案: PSTCollectionView.m  的  char filler[200]   替换成char filler[300]
    
			
    8. 
						
  8. memcached几个easy被忽略但很实用的命令
			
    一.CAS和GETS Memcached从1.2.4版本号新增CAS(Check and Set)协议,用于处理同一个ITEM(key-value)被多个session更新改动时的数据一致性问题. 如 ...
    
			
    9. 
						
  9. SD卡中FAT32文件格式高速入门(图文具体介绍)
			
    说明: MBR :Master Boot Record ( 主引导记录) DBR :DOS Boot Record ( 引导扇区) FAT :File Allocation Table ( 文件分配表 ...
    
			
    10. 
						
  10. 一个安全测试的CheckList
			
    转自:http://hi.baidu.com/dontcry/item/90c2bc466558c217886d1075 不登录系统,直接输入登录后的页面的URL是否可以访问: 不登录系统,直接输入下 ...
    
			
    11.