Custom Time field doesnot contain any data after create in grok pattern

baber1223 · May 7, 2024, 9:51pm

I have written follow grok pattern in logstash

filter{

  grok{
    match  =>  { "message" => '%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \[%{HTTPDATE:logtimestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes:int}|-)' }


}

  date{ match => ["logtimestamp","DD/MMM/YYYY:HH:MM:SS ZZ","ISO8601"] target => "Time" }
}

As you can see I don't want to use default timestamp abut want to use Time as field name and use it as timestamp actually this field has created but it does not contain any data . what is the issue ?

Rios · May 8, 2024, 4:00am

If is this format: [07/May/2024:13:47:19 +0530], should be something like this:

date{ 
match => ["logtimestamp","dd/MMM/yyyy:HH:mm:ss ZZ"]
target => "Time" 
}

system · June 5, 2024, 4:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Time Filter field name: @timestamp Logstash	2	2099	May 9, 2019
Custom pattern problems in the grok filter Logstash	2	2542	July 6, 2017
Remain json data as field in Logstash Logstash	4	1487	July 6, 2017
Help with grok pattern Logstash Logstash	3	258	June 22, 2020
Grok: Pattern appears to be matching but not creating new fields Logstash	4	2032	July 6, 2017

Custom Time field doesnot contain any data after create in grok pattern

Related topics