Continuous time parse failures

Elastic Stack Logstash
1

Hi Team,
I am working on a log which looks like below

<Oct 8, 2018 6:33:23 AM PDT> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 25.181-b25 from Oracle Corporation.>

and my logstash conf looks as below

filter {
grok {
match => { "message" => "<%{WORD:MONTH}\s%{NUMBER:MONTHDAY},\s%{NUMBER:YEAR}\s%{TIME:testime}\s%{DATA:DL}\s%{DATA:TZ}>\s<%{LOGLEVEL:webtrace}>\s<%{WORD:Status}>\s<%{DATA:BeaCode}>\s<%{GREEDYDATA:Logmessage}>" }
overwrite => [ "message" ]
}
mutate {
add_field => { "timestamp" => "%{MONTHDAY}/%{MONTH}/%{YEAR} %{testime} %{DL}" }
}
mutate {
gsub => [ "timestamp", "PST", "PST8PDT" ]
}
date {
match => [ "timestamp" , "MMM dd, yyyy hh:mm:ss a ZZZ" ]
}
mutate {
remove_field => [ "MONTHDAY","MONTH","YEAR","TIME" ]
}
}

I am getting continuous date parse failure, require assistance to fix it.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.