Hello,
I've been trying for several hours to parse a logfile and I'm stuck with parsing dates. I have a very hard time understanding how it works. Is there an example somewhere with unusual timestamps?
My log is like this:

```
XXX.XXX.XXX.XXX - - [31/May/2019:07:10:01 +0200] "GET -url- HTTP/1.1" 200 446 413 5 "-URL-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" -URL-
```
Filters in my ".conf" file:

```
filter {
  grok {
    match => { "message" => "^%{IP:host_ip} - - \[%{TIMESTAMP_ISO8601:logtime}\]" }
  }
  date {
    locale => "fr"
    match => [ "logtime" , "dd/MMM/yyyy:HH:mm:ss Z" ]
    timezone => "Europe/Paris"
    target => "logtime"
  }
}
```
When I get rid of the timestamp thing, it parses the IP address, but not with it...
What can I do to make it work? Should I mutate the timestamp to get it with "-" and not "/"?
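
One filter block that handles this timestamp format, as an added example that is not part of the original post. It assumes the stock `HTTPDATE` grok pattern, which matches `31/May/2019:07:10:01 +0200` (`TIMESTAMP_ISO8601` expects the `2019-05-31T07:10:01` form), and an English locale because the month abbreviation in the sample line is English.

```logstash
filter {
  grok {
    # HTTPDATE is the stock grok pattern for dd/MMM/yyyy:HH:mm:ss Z timestamps,
    # so the "/" separators do not need to be rewritten first.
    match => { "message" => "^%{IP:host_ip} - - \[%{HTTPDATE:logtime}\]" }
  }

  # Only attempt date parsing when grok actually extracted the field.
  if [logtime] {
    date {
      match  => [ "logtime", "dd/MMM/yyyy:HH:mm:ss Z" ]
      # "May" is an English month abbreviation; a French locale would expect "mai".
      locale => "en"
      # No timezone setting: the +0200 offset is already part of the value.
      target => "logtime"
    }
  }
}
```

Events that still fail are tagged `_grokparsefailure` or `_dateparsefailure`, which shows which of the two stages rejected the line.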