I have the same problem as this person, and I am trying to make the output of my log_date use the following format, but I don't have a clue how to do it.
Original log input: [23/AUG/2018:00:00:00 +0800]
And the output I want: 2018-08-23
What I have tried is using the gsub function to change all the months from month name to month number, but this method doesn't work for me.
Then I tried adding date{} in the filter to match the date format, but it only gives output like the original input (output: 23/AUG/2018:00:00:00 +0800).
Here is the code that I have at the moment. I have tried each of them separately (both in the grok, message = 1 or 2):
1. [%{MONTHDAY:day}/%{MONTH:month}/%{YEAR:year}:%{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE}] "
2. [(?([^+))]
3.
mutate {
  add_field => { "date" => "%{year}-%{month}-%{day}" }
}
date {
  match => [ "date" , "yyyy-MM-dd" ]
  target => "@timestamp"
}
For 3, I have also tried putting the correct format of the date in match:
match => [ "date" , "dd/MMM/yyyy:HH:mm:ss Z" ]
It does work, but I couldn't get it into the format 2018-08-23.
Please help, and thank you for your time.
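
Added example, not part of the original post: a stand-alone Ruby sketch (Ruby is the language of Logstash's ruby filter) that parses the bracketed timestamp using the post's `dd/MMM/yyyy:HH:mm:ss Z` layout and renders it as `yyyy-MM-dd`, once in the log's own offset and once in UTC. For the post's sample value the two days differ, which matters because Logstash stores `@timestamp` in UTC. The function names and sample log lines are constructed for illustration.

```ruby
require 'date'

# strptime equivalent of the post's layout dd/MMM/yyyy:HH:mm:ss Z
LOG_TS_FORMAT = '%d/%b/%Y:%H:%M:%S %z'
# First [...] group in an access-log line (hypothetical helper pattern)
BRACKETED_TS = /\[([^\]]+)\]/

# Returns { local: "YYYY-MM-DD", utc: "YYYY-MM-DD" } for the first bracketed
# timestamp in the line, or nil when none is present or it does not parse
# (the stand-alone analogue of a date parse failure in the pipeline).
def log_dates(line)
  raw = line[BRACKETED_TS, 1]
  return nil if raw.nil?

  ts = DateTime.strptime(raw, LOG_TS_FORMAT) # month names match case-insensitively
  {
    local: ts.strftime('%Y-%m-%d'),              # day in the log's own offset
    utc:   ts.new_offset(0).strftime('%Y-%m-%d') # day after conversion to UTC
  }
rescue ArgumentError # Date::Error is a subclass of ArgumentError
  nil
end

# Lines whose calendar day changes once the timestamp is converted to UTC.
# These are the events that land in the "wrong" day when bucketing by UTC.
def day_shifted(lines)
  lines.select do |line|
    dates = log_dates(line)
    dates && dates[:local] != dates[:utc]
  end
end

# Constructed sample input (not taken from a real log)
SAMPLE_LINES = [
  '10.0.0.5 - - [23/AUG/2018:00:00:00 +0800] "GET / HTTP/1.1" 200 512',
  '10.0.0.5 - - [23/Aug/2018:09:30:00 +0800] "GET /a HTTP/1.1" 200 128',
  '10.0.0.5 - - [not a timestamp] "GET /b HTTP/1.1" 400 0',
  'line without any bracketed field'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each { |l| puts "#{log_dates(l).inspect}  <= #{l}" }
end
```
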