I am trying to change the eventTime to the ISO standard. I am looking at the filter date plugin but not sure how to code this in dissect. Any suggestions. thanks
dissect {
mapping => { "message" => '%{} %{} %{eventTime}:%{+eventTime}:%{} %{} %{}
What does a message look like?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.