INFO [12-07|13:04:44] 🔨 mined potential block number=1934700 hash=3f9161…88da7d
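The geth log timestamp contains only month-day (no year), so the year is added from @timestamp before the date filter parses it: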
grok {
  # The named-capture field names were lost from this pattern;
  # blockNumber and blockHash are placeholder names.
  match => ["message", "%{LOGLEVEL:logType} \[%{DATA:gethmm}-%{DATA:gethdd}\|%{DATA:gethtime}\] %{GREEDYDATA:tmessage} number=(?<blockNumber>\b\w+\b) hash=(?<blockHash>\b\w+...\w+\b)"]
  add_field => ["gethdate", "%{[gethmm]}-%{[gethdd]} %{[gethtime]}"]
}
# Store the ingestion time as epoch seconds and prefix gethdate with its year.
ruby {
  code =>
  " tstamp = event.get('@timestamp').to_i
    event.set('epoch',tstamp)
    event.set('gethdate', Time.at(tstamp).strftime('%Y')+'-'+event.get('gethdate'))
  "
}
date {
  match => [ "gethdate" , "YYYY-MM-dd HH:mm:ss"]
  target => "gethdate"
  timezone => "Asia/Taipei"
}
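The year inference done by the ruby filter above, as an added plain-Ruby example (not from the original page) that also handles the year rollover, where a line written on 31 Dec is ingested on 1 Jan. The regex capture names, `parse_geth_line`, the sample line and the one-day tolerance are assumptions.

```ruby
require 'time'

# Constructed sample line in the geth format shown above.
SAMPLE = 'INFO [12-07|13:04:44] 🔨 mined potential block number=1934700 hash=3f9161…88da7d'

# Plain-Ruby stand-in for the grok expression; capture names are assumptions.
GETH_LINE = /\A(?<level>[A-Z]+)\s+\[(?<mm>\d\d)-(?<dd>\d\d)\|(?<hms>\d\d:\d\d:\d\d)\]\s+
             (?<msg>.*?)\s+number=(?<number>\d+)\s+hash=(?<hash>\S+)\z/x

# ingest_time plays the role of @timestamp. utc_offset is the zone the log was
# written in (+08:00 corresponds to the Asia/Taipei setting of the date filter).
# Returns a Hash of fields, or nil when the line does not match.
def parse_geth_line(line, ingest_time, utc_offset: '+08:00')
  m = GETH_LINE.match(line)
  return nil unless m

  h, mi, s = m[:hms].split(':').map(&:to_i)
  build = ->(year) { Time.new(year, m[:mm].to_i, m[:dd].to_i, h, mi, s, utc_offset) }

  # Take the year in the log's own zone, not the zone of the parsing host.
  year = ingest_time.getlocal(utc_offset).year
  ts = build.call(year)

  # A line cannot be newer than its ingestion. If the guessed year puts it more
  # than a day (assumed tolerance for clock skew) ahead, it belongs to last year.
  ts = build.call(year - 1) if ts > ingest_time + 86_400

  { level: m[:level], message: m[:msg], number: m[:number].to_i,
    hash: m[:hash], timestamp: ts }
end

if __FILE__ == $PROGRAM_NAME
  puts parse_geth_line(SAMPLE, Time.now)[:timestamp].iso8601
end
```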
Recreate index
GET _cat/indices?v
GET _cat/indices?v&s=index
GET filebeat-6.5.1-2018.12.06
DELETE filebeat-6.5.1-2018.12.06
GET _cat/indices?v
GET filebeat-6.5.1-2018.12.06
Once the index has been rebuilt, it will be visible in the Kibana Discover table.