Date filter for minor changes in format

Mar 3, 2019 9:40:30,734 PM
Mar 11, 2019 11:20:10,114 PM

I have to parse logs with the following formats. The first date does not have a 0 in front of the 3. This also applies to the hours portion. I am unsure how I would use the date filter for both formats.

This is my current date config. Will it have trouble reading from days and hours in the single digits?

date {
  match => ["logdate", "MMM dd, YYYY KK:mm:ss,SSS a"]
  target => "logdate"
}

When the day is a single digit, is there one space or two between it and the month? Similarly for the hour.

Just one space

OK, then "MMM dd, YYYY KK:mm:ss,SSS a" will parse both.

Was recently able to try this. Was unable to select "logdate" as my timestamp when I was creating the Kibana index. I assume it's unable to recognize logdate as an actual date stamp.
