Skip to content

Commit

Permalink
Add comment for locale in date filter.
Browse files Browse the repository at this point in the history 
For non-english environment the date filter don't parse correctly the month name. See : http://stackoverflow.com/questions/26653490/logstash-date-filter-failed-parsing

Fixes elastic#1987
  • Loading branch information
@anayrat @jordansissel
anayrat authored and jordansissel committed Dec 18, 2014
1 parent f83652a commit a785a69
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/tutorials/getting-started-with-logstash.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ You should see something returned to STDOUT which looks like this:
----
As you can see, Logstash (with help from the *grok* filter) was able to parse the log line (which happens to be in Apache "combined log" format) and break it up into many different discrete bits of information. This will be extremely useful later when we start querying and analyzing our log data... for example, we'll be able to run reports on HTTP response codes, IP addresses, referrers, etc. very easily. There are quite a few grok patterns included with Logstash out-of-the-box, so it's quite likely if you're attempting to parse a fairly common log format, someone has already done the work for you. For more details, see the list of https://github.com/logstash/logstash/blob/master/patterns/grok-patterns[logstash grok patterns] on github.

The other filter used in this example is the *date* filter. This filter parses out a timestamp and uses it as the timestamp for the event (regardless of when you're ingesting the log data). You'll notice that the @timestamp field in this example is set to December 11, 2013, even though Logstash is ingesting the event at some point afterwards. This is handy when backfilling logs, for example... the ability to tell Logstash "use this value as the timestamp for this event".
The other filter used in this example is the *date* filter. This filter parses out a timestamp and uses it as the timestamp for the event (regardless of when you're ingesting the log data). You'll notice that the @timestamp field in this example is set to December 11, 2013, even though Logstash is ingesting the event at some point afterwards. This is handy when backfilling logs, for example... the ability to tell Logstash "use this value as the timestamp for this event". For non-english installation you may have to precise the locale in date filter (locale => en).

== Useful Examples

Expand Down

0 comments on commit a785a69

Please sign in to comment.