Date format failing in grok

sreejiths · October 10, 2017, 5:21am

We are using ELK 5.2 for Network device syslog Analytics . Some devices is sending date format with a special character "" in the beginning of date format for some reasons due to which grok is failing to match . Anyway i can ignore or match "" in logstash grok .Please advice .Details are below ..

Log :" <189>61: *Oct 10 11:03:44 SG: %OSPF-5-ADJCHG: Process 2, Nbr 1.2.5.6 on Tunnel15 from LOADING to FULL, Loading Done"

Date pattern : THETIMESTAMP %{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME} %{DATA:TZ}:

magnusbaeck · October 10, 2017, 5:23am

I assume you're talking about *. That's a metacharacter in regular expressions to if you want to match a literal one you have to escape it with a backslash.

sreejiths · October 10, 2017, 7:04am

Thanks ..Got it ..

system · November 7, 2017, 7:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.