<pre name="code" class="html">日期格式转换:

/***** nginx 访问日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "%{IPORHOST:clientip} \[%{HTTPDATE:time}\]"]

    }

    #date {

    #    match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]

    #}

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"

{

       "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",

      "@version" => "1",

    "@timestamp" => "2016-09-22T00:54:17.154Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:00:13:59 +0800"

}

打开时间转换:

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 10.171.246.184 [22/Sep/2016:00:13:59 +0800] "GET /resources/css/base.css?06212016 HTTP/1.1" - 200 12638 "https://www.zjcap.cn/"

{

       "message" => " 10.171.246.184 [22/Sep/2016:00:13:59 +0800] \"GET /resources/css/base.css?06212016 HTTP/1.1\" - 200 12638 \"https://www.zjcap.cn/\" ",

      "@version" => "1",

    "@timestamp" => "2016-09-21T16:13:59.000Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:00:13:59 +0800"

}

/***** nginx 错误日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]

    }

    #date {

    #    match => ["time", "yyyy/MM/dd HH:mm:ss"]

    #}

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

关闭date插件:

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"

{

       "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",

      "@version" => "1",

    "@timestamp" => "2016-09-22T01:47:28.405Z",

          "host" => "0.0.0.0",

          "time" => "2016/09/22 08:36:55"

}

开启date插件:

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "(?<time>%{YEAR}[./-]%{MONTHNUM}[./-]%{MONTHDAY}[- ]%{TIME})"]

    }

    date {

        match => ["time", "yyyy/MM/dd HH:mm:ss"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

 2016/09/22 08:36:55 [error] 14486#0: *55574 open() "/var/www/zjzc-web-frontEnd/apple-app-site-association"

{

       "message" => " 2016/09/22 08:36:55 [error] 14486#0: *55574 open() \"/var/www/zjzc-web-frontEnd/apple-app-site-association\"",

      "@version" => "1",

    "@timestamp" => "2016-09-22T00:36:55.000Z",

          "host" => "0.0.0.0",

          "time" => "2016/09/22 08:36:55"

}

/******tomcat access 日志

[elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}

filter {

    grok {

        match => ["message", "\s*%{IPORHOST:clientip}\s+\-\s+\-\s+\[%{HTTPDATE:time}\]"]

    }

    date {

         match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] "POST /api/notice/page HTTP/1.1" 200 1194 0.055 121.40.169.62

{

       "message" => "10.171.246.184 - - [22/Sep/2016:07:59:04 +0800] \"POST /api/notice/page HTTP/1.1\" 200 1194 0.055 121.40.169.62",

      "@version" => "1",

    "@timestamp" => "2016-09-21T23:59:04.000Z",

          "host" => "0.0.0.0",

      "clientip" => "10.171.246.184",

          "time" => "22/Sep/2016:07:59:04 +0800"

}

/**********tomcat catalina.out 日志

elk@zjtest7-frontend config]$ cat stdin02.conf

input {

    stdin {

    }

}  

filter {

   grok {

        match => ["message", "(?m)\s*%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).*"]

    }

    date {

        match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]

    }

}

output {

 stdout {

  codec=>rubydebug{}

   }

 }  

[elk@zjtest7-frontend config]$ ../bin/logstash -f stdin02.conf

Settings: Default pipeline workers: 1

Pipeline main started

2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil

{

       "message" => "2016-09-21 19:10:01,538 INFO com.zjzc.common.utils.HttpUtil",

      "@version" => "1",

    "@timestamp" => "2016-09-21T11:10:01.538Z",

          "host" => "0.0.0.0",

          "time" => "2016-09-21 19:10:01,538",

         "Level" => "INFO"

}  

/************mysql slow log



												


											
logstash 各种时间转换的更多相关文章
	

    
								
  1. Logstash:Data转换,分析,提取,丰富及核心操作
		
    Logstash:Data转换,分析,提取,丰富及核心操作 Logstash plugins Logstash是一个非常容易进行扩张的框架.它可以对各种的数据进行分析处理.这依赖于目前提供的超过200 ...
    
		
    2. 
						
  2. [jquery]将当前时间转换成yyyymmdd格式
		
    如题: function nowtime(){//将当前时间转换成yyyymmdd格式 var mydate = new Date(); var str = "" + mydate ...
    
		
    3. 
						
  3. MySQL 日期、时间转换函数
		
    MySQL 日期.时间转换函数:date_format(date,format), time_format(time,format) 能够把一个日期/时间转换成各种各样的字符串格式.它是 str_to ...
    
		
    4. 
						
  4. java时间类型的转换/获取当前时间/将时间转换成String/将String转换成时间
		
    对于我的脑子,我已经服气了...写了N遍的东西,就是记不住...既然记不住那就记下来... 利用java获取当前的时间(String类型,年-月-日 时:分:秒) //我要获取当前的日期 Date d ...
    
		
    5. 
						
  5. inner join ,left join ,right join 以及java时间转换
		
    1.inner join ,left join 与 right join (from 百度知道) 例表aaid adate1    a12    a23    a3表bbid  bdate1      ...
    
		
    6. 
						
  6. Python基本时间转换
		
    时间转换 python中处理时间的时候,最常用的就是字符形式与时间戳之间的转换. 把最基本的转换在这里记下来 string -> timestamp import time import dat ...
    
		
    7. 
						
  7. Date类型时间转换
		
    /* 时间转换start */ public static void main(String args[]) { Date nowTime = new Date(); System.out.print ...
    
		
    8. 
						
  8. unix环境C编程之日期时间转换
		
    1.理清概念 1.1.日历时间:   含义:国际标准时间1970年1月1日00:00:00以来经过的秒数.   数据类型:time_t.实际上是long的别名. 1.2.tm结构时间:   含义:结构 ...
    
		
    9. 
						
  9. php时间转换unix时间戳
		
    本文介绍了php编程中unix时间戳转换的小例子,有关php时间转换.php时间戳的实例代码,有需要的朋友参考下. 第一部分,php 时间转换unix 时间戳实现代码. 复制代码代码示例: <? ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. AOJ 0033 深度优先搜索
			
    题意:按给定顺序从A口放标号位1-10的10个球,利用挡板可以使球落到B或C,问能否使B和C里的球标号从下往上递增. 分析:对于第 i 个球,若a[i]大于B口上方的球,则可放入B口:若a[i]大于C ...
    
			
    2. 
						
  2. 《深度解析SDN》学习小结
			
    SDN(软件定义网络),顾名思义,通过软件来控制或驱动整个网络.SDN的核心概念有两个,第一是转发面与控制面的分离:第二是开放的可编程接口.另外,SDN强调集中式控制,通过软件来控制整个网络,但这并不 ...
    
			
    3. 
						
  3. ELT工具Kettle之CDC(Change Data Capture)实现实例
			
    ETL过程的第一步就是从不同的数据源抽取数据并把数据存储在数据的缓存区.这个过程的主要挑战就是初始加载数据量大和比较慢的网络延迟.在初始加载完成之后,不能再把所有数据重新加载一遍,我们需要的只是变化的 ...
    
			
    4. 
						
  4. Spring的StringUtils工具类
			
    本文是转载文章,感觉比较好,如有侵权,请联系本人,我将及时删除. 原文网址:<Spring的StringUtils工具类> org.springframework.util.StringU ...
    
			
    5. 
						
  5. 你需要知道的九大排序算法【Python实现】源码
			
    #coding: utf-8 #!/usr/bin/python import randomimport math #随机生成0~100之间的数值def get_andomNumber(num): l ...
    
			
    6. 
						
  6. Welcome to Apache™ Hadoop®!
			
    What Is Apache Hadoop? Getting Started Download Hadoop Who Uses Hadoop? News 15 October, 2013: relea ...
    
			
    7. 
						
  7. structured sparsity model
			
    Data representation往往基于如下最小化问题:         (1) 其中X是观测到的数据的特征矩阵,D是字典,Z是字典上的描述.约束项和使得字典dictionary和描述code具 ...
    
			
    8. 
						
  8. 命令行运行android模拟器
			
    创建模拟器 android create avd --name avd_4.1 --target "android-16" --abi armeabi-v7a Android 4. ...
    
			
    9. 
						
  9. 国外.net学习资源网站
			
    转载 :出处:http://www.cnblogs.com/kingjiong/ 名称:快速入门地址 http://chs.gotdotnet.com/quickstart/ 描述:本站点是微软.NE ...
    
			
    10. 
						
  10. 当setTimeout遇到闭包
			
    1: function myTest(){ for(var i=0; i< 5; i++){ setTimeout(console.log(i), 0); } } myTest(); 或者比较正 ...
    
			
    11.