Converting date to TIMESTAMP_ISO8601 format

gloupe · February 2, 2021, 9:37am

Hi,

I'm actually receiving logs with timestamp to this format :
Mon Feb 1 13:29:48 2021

From Telegraf who's parsing the log with this Grok pattern :

SOURCELOG %{DAY} %{MONTH} (?: %{POSINT:MONTHDAY}) %{TIME} %{YEAR} -> %{GREEDYDATA:data}

I want logstash to change the format to the TIMESTAMP_ISO8601 format known as:

%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}

I know the timezone info is missing but i want to add a constant value of it.

So my questions are how could I change this format and how could I add this fixed timezone ?

Thanks for your answers

tatdat · February 2, 2021, 3:24pm

You can try with date filter plugin. I think your problem can be resolved.

system · March 2, 2021, 3:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.