Hello all,
I am trying to transport apache logs with time in milliseconds to elasticsearch but having troubles doing it.
When I change logformat of apache to milliseconds since epoch, the logs arrive in elasticsearch but elasticseasrch create index for each log.
We have hybris logs in (e.g)"2021-12-03T16:30:03.834+0100" format and with the following config
<source>
type tail
format json
path /opt/hybris_logs/tomcat/console.json
pos_file /var/log/td-agent/buffer/hybris.console
tag x.x.x.x.hybris.console
</source>
and the logs arrive in elasticsearch without any issue and with subsecond precision.
I changed apache log format and apache emits logs in the same format as the above e.g "2021-12-03T15:32:47.588+0000" but td-agent doesn't forward the logs.
I get "[warn]: #0 pattern not matched".
Config for apache logs is identical to the hybris one(above).
Could someone help me out with this?
Thank you