Thanks @magnusbaeck! I get a "_dateparsefailure" while using eitherof the patterns you shared. So now my logstash conf looks like -
filter {
grok {
match => ["message", "%{TIMESTAMP_ISO8601:timestamp}"]
}
xml {
source => "message"
store_xml => false
xpath => ["event/@timestamp","logmessage"]
}
date {
match => ["logmessage", "yyyy-MM-dd HH:mm:ss.SSSSSSZ"]
}
}