Tags: logstash, logstash-grok, logstash-configuration

Logstash Filter : syntax


I've recently begun learning Logstash and the syntax is confusing me, e.g. for match I have various codes:

match => [ "%{[date]}" , "YYYY-MM-dd HH:mm:ss" ]
match => { "message" => "%{COMBINEDAPACHELOG}" }
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]

What does each of these keys ("%{[date]}", "message", "timestamp") mean? And where can I find proper documentation that explains all the keywords and syntax? Please help and provide links if possible.


Solution

  • The grok{} filter has a match parameter that takes a field and a pattern. It will apply the pattern, trying to extract new fields from it. Your second example is from grok, so it will try to apply the COMBINEDAPACHELOG pattern against the text in the "message" field.

    The doc for grok{} is here, and there are detailed blogs, too.

    The other two examples look like they're from the date{} filter, which does a similar thing. It takes a field containing a string that represents a date, applies the given pattern to that field, and (by default) replaces the value in the @timestamp field.

    The doc for date{} is here and examples here.
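Putting the answer's two filters together, here is a complete Logstash pipeline as an added example; it is not code from the question or the answer. It applies %{COMBINEDAPACHELOG} to the "message" field and then hands the extracted "timestamp" field to date{}. The sample log line in the comment is constructed, the file name apache.conf is assumed, and the field names listed assume the legacy (non-ECS) grok pattern set; with ecs_compatibility enabled the extracted field names differ.

```conf
# Added example pipeline (apache.conf): grok{} followed by date{} on a combined Apache access log line.
# Constructed sample input, one line pasted on stdin:
# 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

input {
  stdin { }
}

filter {
  # grok: the key is the field to read, the value is the pattern to apply.
  # COMBINEDAPACHELOG splits "message" into clientip, ident, auth, timestamp, verb,
  # request, httpversion, response, bytes, referrer and agent (legacy field names).
  # A line that does not match gets the tag "_grokparsefailure" instead of new fields.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  # date: the first array element is the field to parse, the remaining elements
  # are the formats to try in order. The parsed value replaces @timestamp unless
  # the "target" option names another field.
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  stdout { codec => rubydebug }
}
```

Run it with bin/logstash -f apache.conf and paste the sample line; the rubydebug output shows the extracted fields plus @timestamp set to 2000-10-10T20:55:36Z. Note that match takes a bare field name, so a date stored as "2000-10-10 13:55:36" in a field called date would be parsed with match => [ "date", "YYYY-MM-dd HH:mm:ss" ]; the %{[date]} form is Logstash's field-reference (sprintf) syntax for embedding a field's value inside string settings such as add_field, not the form match expects.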