Concat Captured Values

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.4.1

Describe the issue:
I find myself in need of concatenating two previously captured values to form a new value. In particular, these are JBoss server.log entries. JBoss seems to rotate the log daily, and embeds the date into the filename, while the log entries only contain the time.

In the processor, I tried to have grok capture the dateStamp and the time. Ignoring the fact that I don’t have the dateStamp capture working correctly yet, I see nothing that would help me merge the two values into one. The goal is to pipe the final value into the date processor so that we can get a proper timestamp for these entries.

Configuration:
log-pipeline:
  source:
    http:
      ssl: true
      ssl_certificate_file: /usr/share/data-prepper/sec/cert.crt
      ssl_key_file: /usr/share/data-prepper/sec/cert.key
  processor:
    - grok:
        pattern_definitions:
          SERVER_LOG_FILE_DATE_STAMP: '(?:%{YEAR}-%{MONTHNUM}-%{MONTHDAY})'
        match:
          # Single-quoted so the regex backslashes are passed to grok unchanged
          log: [ '%{TIME:time}\s+%{LOGLEVEL:eventLevel}\s+\[%{DATA:src}\]\s+\(%{DATA:som}\)\s+' ]
          filename: [ '%{PATH:filename}server.log.%{SERVER_LOG_FILE_DATE_STAMP:dateStamp}' ]
  sink:
    - opensearch:
        hosts: [ "https://opensearch-node1:9200" ]
        insecure: true
        username: admin
        password: admin
        index: jboss_logs.20231001

Relevant Logs or Screenshots:

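One way to join the two captures described in the post, as an added example that is not part of the original post or the poster's configuration: the `add_entries` processor's `format` option builds a new field from existing keys, and the `date` processor then parses it. The key name `logTimestamp`, the time layout `HH:mm:ss,SSS`, the UTC source timezone, and availability of `format` in the Data Prepper version in use are assumptions.

```yaml
# Added example: processors to place after the grok processor in the pipeline.
# Assumes grok has already populated "dateStamp" (yyyy-MM-dd) and "time".
processor:
  - add_entries:
      entries:
        # Concatenate the two captured values into one field.
        - key: logTimestamp              # hypothetical key name
          format: "${dateStamp} ${time}"
          overwrite_if_key_exists: true
  - date:
      match:
        - key: logTimestamp
          # Assumed JBoss server.log time layout, e.g. 13:05:42,118
          patterns: ["yyyy-MM-dd HH:mm:ss,SSS"]
      destination: "@timestamp"
      source_timezone: "UTC"             # assumption: set to the server's zone
  - delete_entries:
      # Drop the intermediate field once the timestamp is parsed.
      with_keys: ["logTimestamp"]
```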