elastic · ritalwar · Feb 1, 2023 · Jan 9, 2023 · Jan 9, 2023 · Jan 16, 2023
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -158,6 +158,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff]
 - Allow user configuration of keep-alive behaviour for HTTPJSON and CEL inputs. {issue}33951[33951] {pull}34014[34014]
 - Add support for polling system UDP stats for UDP input metrics. {pull}34070[34070]
 - Add support for recognizing the log level in Elasticsearch JVM logs {pull}34159[34159]
+- Add support for new Rabbitmq timestamp format for logs {pull}34211[34211]
 
 *Auditbeat*
 

diff --git a/filebeat/docs/modules/rabbitmq.asciidoc b/filebeat/docs/modules/rabbitmq.asciidoc
@@ -13,6 +13,7 @@ This file is generated! See scripts/docs_collector.py
 include::{libbeat-dir}/shared/integration-link.asciidoc[]
 
 This is the module for parsing https://www.rabbitmq.com/logging.html[RabbitMQ log files]
+It will only support RabbitMQ default i.e RFC 3339 timestamp format using TIMESTAMP_ISO8601.
 
 include::../include/what-happens.asciidoc[]
 

@@ -6,6 +6,7 @@
 include::{libbeat-dir}/shared/integration-link.asciidoc[]
 
 This is the module for parsing https://www.rabbitmq.com/logging.html[RabbitMQ log files]
+It will only support RabbitMQ default i.e RFC 3339 timestamp format using TIMESTAMP_ISO8601.
 
 include::../include/what-happens.asciidoc[]
 

@@ -10,7 +10,7 @@ processors:
       GREEDYMULTILINE: "(.|\n)*"
       ERL_PID: "\\<%{INT}+\\.%{INT}+\\.%{INT}+\\>"
     patterns:
-    - "%{DATESTAMP:timestamp} \\[%{WORD:log.level}\\] %{ERL_PID:rabbitmq.log.pid}
+    - "%{TIMESTAMP_ISO8601:timestamp} \\[%{WORD:log.level}\\] %{ERL_PID:rabbitmq.log.pid}
       %{GREEDYMULTILINE:message}"
     ignore_missing: true
 - grok:
@@ -66,14 +66,14 @@ processors:
     field: timestamp
     target_field: "@timestamp"
     formats:
-    - yy-MM-dd HH:mm:ss.SSS
+    - yyyy-MM-dd HH:mm:ss.SSSSSSZZZZZ
 - date:
     if: "ctx.event.timezone != null"
     field: "timestamp"
     target_field: "@timestamp"
     timezone: "{{ event.timezone }}"
     formats:
-    - yy-MM-dd HH:mm:ss.SSS
+    - yyyy-MM-dd HH:mm:ss.SSSSSSZZZZZ
 - remove:
     field:
     - timestamp

@@ -1,79 +1,26 @@
-2019-04-03 11:13:15.076 [info] <0.8.0> Log file opened with Lager
-2019-04-03 11:13:15.510 [info] <0.222.0> 
- Starting RabbitMQ 3.7.14 on Erlang 21.3.2
- Copyright (C) 2007-2019 Pivotal Software, Inc.
- Licensed under the MPL.  See https://www.rabbitmq.com/
-2019-04-03 11:13:15.512 [info] <0.222.0>  
- node           : rabbit@localhost
- home dir       : /Users/jfsiii
- config file(s) : (none)
- cookie hash    : 1FLKC2GJUcbFjO6klcgs8Q==
- log(s)         : /usr/local/var/log/rabbitmq/rabbit@localhost.log
-                : /usr/local/var/log/rabbitmq/rabbit@localhost_upgrade.log
- database dir   : /usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost
-2019-04-12 10:00:53.458 [info] <0.1398.0> RabbitMQ is asked to stop...
-2019-04-12 10:00:53.550 [info] <0.1398.0> Stopping RabbitMQ applications and their dependencies in the following order:
-    rabbitmq_management
-    rabbitmq_stomp
-    rabbitmq_amqp1_0
-    rabbitmq_mqtt
-    amqp_client
-    rabbitmq_web_dispatch
-    cowboy
-    cowlib
-    rabbitmq_management_agent
-    rabbit
-    mnesia
-    rabbit_common
-    sysmon_handler
-    os_mon
-    amqp10_common
-2019-04-12 10:00:53.550 [info] <0.1398.0> Stopping application 'rabbitmq_management'
-2019-04-12 10:00:54.553 [warning] <0.490.0> RabbitMQ HTTP listener registry could not find context rabbitmq_management_tls
-2019-04-12 10:00:54.555 [info] <0.43.0> Application rabbitmq_management exited with reason: stopped
-2019-04-12 10:00:54.567 [info] <0.1398.0> Stopping application 'rabbit'
-2019-04-12 10:00:54.567 [info] <0.286.0> Peer discovery backend rabbit_peer_discovery_classic_config does not support registration, skipping unregistration.
-2019-04-12 10:00:54.568 [info] <0.419.0> stopped TCP listener on 127.0.0.1:5672
-2019-04-12 10:00:54.569 [info] <0.324.0> Closing all connections in vhost '/' on node 'rabbit@localhost' because the vhost is stopping
-2019-04-12 10:00:54.579 [info] <0.374.0> Stopping message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent'
-2019-04-12 10:00:54.588 [info] <0.374.0> Message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_persistent' is stopped
-2019-04-12 10:00:54.589 [info] <0.371.0> Stopping message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_transient'
-2019-04-12 10:00:54.598 [info] <0.371.0> Message store for directory '/usr/local/var/lib/rabbitmq/mnesia/rabbit@localhost/msg_stores/vhosts/628WB79CIFDYO9LJI6DKMI09L/msg_store_transient' is stopped
-2019-04-12 10:00:54.606 [info] <0.43.0> Application rabbit exited with reason: stopped
-2019-04-12 10:00:54.615 [info] <0.1398.0> Successfully stopped RabbitMQ and its dependencies
-2019-04-12 10:00:54.615 [info] <0.1398.0> Halting Erlang VM with the following applications:
-    ranch
-    ssl
-    public_key
-    sasl
-    inets
-    asn1
-    crypto
-    jsx
-    xmerl
-    recon
-    lager
-    goldrush
-    compiler
-    syntax_tools
-    stdlib
-    kernel
-2019-04-12 10:01:01.031 [info] <0.8.0> Server startup complete; 6 plugins started.
- * rabbitmq_stomp
- * rabbitmq_management
- * rabbitmq_web_dispatch
- * rabbitmq_amqp1_0
- * rabbitmq_mqtt
- * rabbitmq_management_agent
-2019-04-12 10:11:15.094 [info] <0.1345.0> accepting AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672)
-2019-04-12 10:11:15.101 [info] <0.1345.0> connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672): user 'guest' authenticated and granted access to vhost '/'
-2019-04-12 10:19:14.450 [error] <0.1345.0> Error on AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672, vhost: '/', user: 'guest', state: running), channel 0:
- operation none caused a connection exception connection_forced: [240,159,145,
-                                                                 139,240,159,
-                                                                 143,190,240,
-                                                                 159,144,135,
-                                                                 240,159,164,
-                                                                 163]
-2019-04-12 10:19:14.450 [info] <0.1902.0> Closing connection <0.1345.0> because <<240,159,145,139,240,159,143,190,240,159,144,135,240,159,164,163>>
-2019-04-12 10:19:14.451 [info] <0.1345.0> closing AMQP connection <0.1345.0> (127.0.0.1:64875 -> 127.0.0.1:5672, vhost: '/', user: 'guest')
-2021-11-22 17:48:20.003 [warning] <0.8084.263> HTTP access denied: user 'guest' - Not monitor user
+2023-01-03 07:20:19.811276+00:00 [info] <0.229.0> Created user 'guest'
+2023-01-03 07:20:19.812335+00:00 [info] <0.229.0> Successfully set user tags for user 'guest' to [administrator]
+2023-01-03 07:20:19.813219+00:00 [info] <0.229.0> Successfully set permissions for 'guest' in virtual host '/' to '.*', '.*', '.*'
+2023-01-03 07:20:19.813249+00:00 [info] <0.229.0> Running boot step rabbit_observer_cli defined by app rabbit
+2023-01-03 07:20:19.813297+00:00 [info] <0.229.0> Running boot step rabbit_looking_glass defined by app rabbit
+2023-01-03 07:20:19.813314+00:00 [info] <0.229.0> Running boot step rabbit_core_metrics_gc defined by app rabbit
+2023-01-03 07:20:19.813405+00:00 [info] <0.229.0> Running boot step background_gc defined by app rabbit
+2023-01-03 07:20:19.813473+00:00 [info] <0.229.0> Running boot step routing_ready defined by app rabbit
+2023-01-03 07:20:19.813495+00:00 [info] <0.229.0> Running boot step pre_flight defined by app rabbit
+2023-01-03 07:20:19.813507+00:00 [info] <0.229.0> Running boot step notify_cluster defined by app rabbit
+2023-01-03 07:20:19.813522+00:00 [info] <0.229.0> Running boot step networking defined by app rabbit
+2023-01-03 07:20:19.813558+00:00 [info] <0.229.0> Running boot step definition_import_worker_pool defined by app rabbit
+2023-01-03 07:20:19.813584+00:00 [info] <0.286.0> Starting worker pool 'definition_import_pool' with 5 processes in it
+2023-01-03 07:20:19.813855+00:00 [info] <0.229.0> Running boot step cluster_name defined by app rabbit
+2023-01-03 07:20:19.813932+00:00 [info] <0.229.0> Initialising internal cluster ID to 'rabbitmq-cluster-id-l0b5cMVBVtihO_6zHjXFTA'
+2023-01-03 07:20:19.814968+00:00 [info] <0.229.0> Running boot step direct_client defined by app rabbit
+2023-01-03 07:20:19.815021+00:00 [info] <0.229.0> Running boot step rabbit_maintenance_mode_state defined by app rabbit
+2023-01-03 07:20:19.815037+00:00 [info] <0.229.0> Creating table rabbit_node_maintenance_states for maintenance mode status
+2023-01-03 07:20:19.818283+00:00 [info] <0.229.0> Running boot step rabbit_management_load_definitions defined by app rabbitmq_management
+2023-01-03 07:20:19.818437+00:00 [info] <0.723.0> Resetting node maintenance status
+2023-01-03 07:20:19.826261+00:00 [info] <0.782.0> Management plugin: HTTP (non-TLS) listener started on port 15672
+2023-01-03 07:20:19.826356+00:00 [info] <0.810.0> Statistics database started.
+2023-01-03 07:20:19.826405+00:00 [info] <0.809.0> Starting worker pool 'management_worker_pool' with 3 processes in it
+2023-01-03 07:20:19.831459+00:00 [info] <0.824.0> Prometheus metrics: HTTP (non-TLS) listener started on port 15692
+2023-01-03 07:20:19.831562+00:00 [info] <0.723.0> Ready to start client connection listeners
+2023-01-03 07:20:19.833523+00:00 [info] <0.868.0> started TCP listener on [::]:5672