filter {
ruby {
code => "event.set('[@metadata][index]', event.get('[@timestamp]').time.localtime.strftime('%Y-%m-%d-%H'))"
}
ruby {
code => "event.set('[@metadata][timestamp]', event.get('[@timestamp]').time.localtime.strftime('%Y-%m-%d %H:%M:%S.%L'))"
}
}input {
beats {
port => 1221
}
}filter {
mutate {
lowercase => [ "[host][name]" ]
}
}output {
file {
path => "/data/log/%{[host][name]}.server.log.%{[@metadata][index]}"
codec => line { format => "%{[host][name]} %{message}"}}
}
or use this for daily rotate
ruby {
code => "event.set('[@metadata][index]', event.get('[@timestamp]').time.localtime.strftime('%Y-%m-%d'))"
}Done. it’s easy when you know it.
refer: https://discuss.elastic.co/t/timezone-in-utc-causes-wrong-filename/261480
