I have multiple log files and I want to parse the message to get the correct timestamp. Here is the issue: I had logs that were ingested at a later date, because of which the service count hits are astronomically high around that date. But since the logs in the file have the correct date and time, I am planning to correct my @timestamp using that.
I tried the dissect processor and came up with the following code snippet:

```yaml
processors:
  - dissect:
      tokenizer: '[%{text1}] [%{text2}] [%{text3}] [%{text4}] %{text5}'
      field: 'message'
```
Since I have multiple logs, I am not sure how to have multiple tokenizers to capture all the patterns for the logs. Examples:
[UUID] [timestamp] [loglevel] [text] msg
[timestamp] loglevel msg
loglevel [timestamp] msg
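One way to handle several line formats in Filebeat, as an added example and not part of the original post: chain one `dissect` processor per pattern, guard each with a `when.regexp` condition so only the matching tokenizer runs, and then let the `timestamp` processor overwrite `@timestamp` from the extracted field. The regular expressions, the `dissect.ts` field name and the `layouts` (Go reference-time formats) are assumptions about the log formats, which the post does not show; adjust them to the real lines.

```yaml
processors:
  # Pattern 1: "[UUID] [timestamp] [loglevel] [text] msg"
  # Assumed: the line starts with a 36-character UUID in brackets.
  - dissect:
      when:
        regexp:
          message: '^\[[0-9a-fA-F-]{36}\] \['
      tokenizer: '[%{uuid}] [%{ts}] [%{loglevel}] [%{text}] %{msg}'
      field: 'message'
      target_prefix: 'dissect'
  # Pattern 2: "[timestamp] loglevel msg"
  # Assumed: the line starts with a bracketed ISO-style date (year first).
  - dissect:
      when:
        regexp:
          message: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
      tokenizer: '[%{ts}] %{loglevel} %{msg}'
      field: 'message'
      target_prefix: 'dissect'
  # Pattern 3: "loglevel [timestamp] msg"
  # Assumed: the line starts with an upper-case level word, then a bracket.
  - dissect:
      when:
        regexp:
          message: '^[A-Z]+ \['
      tokenizer: '%{loglevel} [%{ts}] %{msg}'
      field: 'message'
      target_prefix: 'dissect'
  # Replace @timestamp (the ingest time) with the time written in the line.
  # ignore_missing keeps events whose line matched none of the patterns;
  # ignore_failure keeps events whose timestamp does not fit any layout,
  # so a parse problem never drops the event, it only leaves ingest time.
  - timestamp:
      field: 'dissect.ts'
      target_field: '@timestamp'
      layouts:
        - '2006-01-02 15:04:05'          # assumed format, e.g. 2023-01-02 03:04:05
        - '2006-01-02T15:04:05.000Z'     # assumed format, ISO 8601 with millis
      timezone: 'UTC'
      ignore_missing: true
      ignore_failure: true
      test:
        - '2023-01-02 03:04:05'          # constructed value, validated at startup
```

Because `dissect` requires the whole tokenizer to match, the `when` guards keep a wrong pattern from failing the event; the `test` values make Filebeat check the layouts at startup so a bad format is caught before any re-ingest.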