Add to logstash filter config:
With ISO_8601 log timestamp (etc laravel log):
|
1 2 3 4 5 6 7 |
match => { "message" => "\[%{TIMESTAMP_ISO8601:timelog}\.........] date { match => ["timelog", "ISO8601", "yyyy-MM-dd HH:mm:ss" ] target => "@timestamp" locale => "en" timezone => "Asia/Ho_Chi_Minh" remove_field => "timelog" } |
With HTTP_DATE log timestamp (etc nginx log request):
|
1 2 3 4 |
date { match => ["timelog", "dd/MMM/YYYY:HH:mm:ss Z"] target => "@timestamp" remove_field => "timelog" } |
Z is timezone, no need to add timezone to logstash config.
