Ping a Specific Port

Question

leedm777

Asked: 2015-05-06 05:42:31 +0800 CST2015-05-06 05:42:31 +0800 CST 2015-05-06 05:42:31 +0800 CST

How can I parse an nginx msec field in logstash?

772

I'm trying to handle an nginx access log in logstash.

In order to get millisecond accuracy for my timestamps, I'm using the $msec variable. This means that timestamps will be of the form 1430832725.814, where the integer part is a UNIX timestamp, and the fraction part is in milliseconds. Unfortunately, I can't find a logstash date format which can parse UNIX timestamps.

Is there another way to get nginx to log with millisecond accuracy? Or a way to get the logstash date filter to parse UNIX timestamps?

2 Answers

Voted

leedm777 · Answer 1 · 2015-05-06T10:16:25+08:00

Best Answer

leedm777

2015-05-06T10:16:25+08:002015-05-06T10:16:25+08:00

The UNIX format literal can handle fractional seconds, so it will be able to parse an $msec field.

0

Popeye · Answer 2 · 2016-05-24T01:11:27+08:00

Popeye

2016-05-24T01:11:27+08:002016-05-24T01:11:27+08:00

firstly, using grok filter to map the $msec field to a output field

grok {
 match => { "message" =>\[%{GREEDYDATA:unix_timestamp}\] 
}

then using another Date filter to convert it to @timestamp field

  date {
     match => ["unix_timestamp", "UNIX"]
  }

If you want to map to fields other than @timestamp, refer to Logstash reference

0

How can I parse an nginx msec field in logstash?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?