{"id":66,"date":"2015-10-08T11:41:14","date_gmt":"2015-10-08T10:41:14","guid":{"rendered":"http:\/\/dagobah.eu.org\/blog\/?p=66"},"modified":"2015-10-08T11:41:14","modified_gmt":"2015-10-08T10:41:14","slug":"happy-new-year-from-logstash-syslog","status":"publish","type":"post","link":"https:\/\/dagobah.eu.org\/blog\/?p=66","title":{"rendered":"Happy new year from Logstash &amp; syslog"},"content":{"rendered":"<p>Once you&#8217;re running syslog-ng | logstash | elasticsearch to archive all the syslogs from your servers, there is probably something you didn&#8217;t notice: syslog doesn&#8217;t care about the year.<br \/>\nSo when 2015 comes, Logstash doesn&#8217;t know about it and pushes into elasticsearch the year of its last start. So your January 2015 syslogs end up with the January 2014 ones&#8230;<br \/>\nHow did I fix it? I restarted logstash when I understood the problem, but it was somehow too late.<br \/>\nOne solution is explained here: <a title=\"https:\/\/discuss.elastic.co\/t\/syslog-date-without-year\/29834\" href=\"https:\/\/discuss.elastic.co\/t\/syslog-date-without-year\/29834\" target=\"_blank\" rel=\"noopener\">https:\/\/discuss.elastic.co\/t\/syslog-date-without-year\/29834<\/a> but you need some more code to handle the year change, and using @timestamp doesn&#8217;t allow you to replay pieces of logs when you need to&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once you&#8217;re running syslog-ng | logstash | elasticsearch to archive all the syslogs from your servers, there is probably something you didn&#8217;t notice: syslog doesn&#8217;t care about the year. So when 2015 comes, Logstash doesn&#8217;t know about it and pushes into elasticsearch the year of its last start. 
So your January 2015 syslogs end up with &hellip; <a href=\"https:\/\/dagobah.eu.org\/blog\/?p=66\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Happy new year from Logstash &amp; syslog<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-66","post","type-post","status-publish","format-standard","hentry","category-nosql"],"_links":{"self":[{"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/66","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=66"}],"version-history":[{"count":0,"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/66\/revisions"}],"wp:attachment":[{"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=66"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=66"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dagobah.eu.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=66"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}