REDISTIMESTAMP format is not matching in filebeat! #9819

longforfreedom · 2018-12-28T10:08:06Z

Describe the enhancement:
Redis default log format like this
26571:M 27 Dec 2018 11:19:18.874 * Synchronization with replica 10.114.208.18:6023 succeeded
the timestamp format is dd MMM YYYY H:m:s.SSS , but in Elasticsearch pipeline "REDISTIMESTAMP" is "%{MONTHDAY} %{MONTH} %{TIME}"` and dd MMM YYYY H:m:s.SSS not in date.formats .

so, modify module/redis/log/ingest/pipeline.json

"pattern_definitions": {
    "CHAR": "[a-zA-Z]",
    "REDISLEVEL": "[.\\-*#]",
    "REDISTIMESTAMP": "%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}"
  }
  
"date": {
    "field": "redis.log.timestamp",
    "target_field": "@timestamp",
    "formats": [
      "dd MMM YYYY H:m:s.SSS",
      "dd MMM H:m:s",
      "UNIX"
    ],
    "ignore_failure": true
  }

in my case:

redis version is 5.0.3
elasticsearch version is 6.3.2

The text was updated successfully, but these errors were encountered:

ruflin added enhancement module Filebeat Filebeat Team:Integrations Label for the Integrations team labels Dec 28, 2018

exekias added the bug label Jan 7, 2019

kaiyan-sheng self-assigned this Jan 12, 2019

kaiyan-sheng mentioned this issue Jan 12, 2019

Add grok pattern to support different timestamp fmt in redis log #10033

Merged

kaiyan-sheng closed this as completed in #10033 Jan 14, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

REDISTIMESTAMP format is not matching in filebeat! #9819

REDISTIMESTAMP format is not matching in filebeat! #9819

longforfreedom commented Dec 28, 2018 •

edited

Loading

REDISTIMESTAMP format is not matching in filebeat! #9819

REDISTIMESTAMP format is not matching in filebeat! #9819

Comments

longforfreedom commented Dec 28, 2018 • edited Loading

longforfreedom commented Dec 28, 2018 •

edited

Loading