Re: [exim] Date format

From: Matthew Newton
Date:  
To: Mike Brudenell
Cc: exim-users@exim.org
Subject: Re: [exim] Date format
On Fri, Nov 18, 2016 at 03:45:34PM +0000, Mike Brudenell wrote:
> Are you sure it's not just a case of configuring Elasticsearch so that it
> parses the incoming date field? I'd expect it to be flexible in what it can
> take in, and this documentation page (found by using Google to search for
> "elasticsearch change date format") suggests it's possible:


Exactly that. Using logstash here, pull the date off the start
with a pattern in grok like

%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}(?: %{ISO8601_TIMEZONE})?

which goes into the "exim_date" field, and then use date to parse
it, e.g.

  date {
    match => [ "exim_date", "yyyy-MM-dd HH:mm:ss Z",
                            "yyyy-MM-dd HH:mm:ss" ]
  }


Exim is one of the better applications out there - it actually
includes a timezone in its logs :)

Matthew


--
Matthew Newton, Ph.D. <mcn4@???>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp@???>
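
The timestamp handling described in the message above, as an added example in Python that is not part of the original post and is not Logstash itself: it mirrors the grok pattern and the two date formats, and shows what happens to a line that carries no offset. The regex is narrowed to whole seconds, and the sample lines, the tag names and the `default_tz` parameter are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone, timedelta

# Same shape as the grok pattern in the message: date, time, optional numeric
# offset. Narrowed to whole seconds (an assumption for this example).
EXIM_TS = re.compile(
    r"^(?P<exim_date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?: [+-]\d{4})?) (?P<rest>.*)$"
)

# Tried in order, like the two formats passed to the date filter.
FORMATS = ("%Y-%m-%d %H:%M:%S %z", "%Y-%m-%d %H:%M:%S")


def parse_exim_line(line, default_tz=timezone.utc):
    """Return (utc_datetime, rest_of_line, tags); utc_datetime is None on failure."""
    m = EXIM_TS.match(line)
    if not m:
        return None, line, ["no_timestamp"]
    for fmt in FORMATS:
        try:
            ts = datetime.strptime(m.group("exim_date"), fmt)
        except ValueError:
            continue
        tags = []
        if ts.tzinfo is None:
            # No offset in the line: the zone is a guess, so flag the event
            # instead of silently trusting it when correlating with other logs.
            ts = ts.replace(tzinfo=default_tz)
            tags.append("assumed_timezone")
        return ts.astimezone(timezone.utc), m.group("rest"), tags
    # Looked like a timestamp but is not a valid date (e.g. month 13).
    return None, line, ["date_parse_failure"]


# Constructed sample lines, not taken from a real server.
SAMPLE = [
    "2016-11-18 16:45:34 +0100 Start queue run: pid=1234",
    "2016-11-18 15:45:34 Start queue run: pid=1234",
    "2016-13-45 15:45:34 Start queue run: pid=1234",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_exim_line(line))
```
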