Convert sting to date time in logstash

Senz79 · October 7, 2016, 6:27pm

how can i convert the below string into date time

Wed Aug 03 11:48:58 2016

I am using the below pattern to put it in a column
?[%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}])

warkolm · October 8, 2016, 4:12am

Have you seen the date filter? https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html

Senz79 · October 8, 2016, 4:16am

date {
locale => "en"
match => [ "timestamp", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd HH:mm:ss.SSSS" ]
timezone => "Etc/UCT"

}

This is what i am trying to do but not working

Senz79 · October 8, 2016, 4:23am

[Wed Aug 03 11:48:58 2016]

when i try to convert

date {
locale => "en"
match => [ "timestamp", "D MM dd HH:mm:ss YYYY", "YYYY-MM-dd HH:mm:ss.SSSS" ]

}

←[33mFailed parsing date from field {:field=>"timestamp", :value=>"[Wed Aug 10 1
3:19:19 2016]", :exception=>"Invalid format: "[Wed Aug 10 13:19:19 2016]"", :c
onfig_parsers=>"D MM dd HH:mm:ss YYYY,YYYY-MM-dd HH:mm:ss.SSSS", :config_locale=

"en", :level=>:warn}←[0m

Senz79 · October 8, 2016, 5:11am

Solution

grok {
match => { message => [
"[%{DAY:d} %{MONTH:m} %{MONTHDAY:md} %{TIME:t} %{YEAR:y}] [%{NOTSPACE:logger}] [%{WORD:source} %{IP:ip}] (?%{WORD:text1} %{WORD:text1} %{WORD:text1} %{WORD:text1}): %{URIPATH:path}, %{WORD:referer}: %{GREEDYDATA:url}",
"[%{DAY:d} %{MONTH:m} %{MONTHDAY:md} %{TIME:t} %{YEAR:y}] [%{NOTSPACE:logger}] [%{WORD:source} %{IP:ip}] (?%{WORD:text1} %{WORD:text1} %{WORD:text1} %{WORD:text1}): %{URIPATH:path}"
]}
add_tag => [ "error" ]

}

mutate {
add_field => {
"timestamp" => "%{md}-%{m}-%{y} %{t}"
}
}
date {
match => [ "timestamp", "dd-MMM-yyyy HH:mm:ss", "YYYY-MM-dd HH:mm:ss" ]
target => "timestamp"
locale => "en"
}

Result

"timestamp" => "2016-08-03T06:18:58.000Z"