Date parsing with am:pm?

The date in my logs looks like this:
6월 15, 2018 4:10:20 오후

I tried to parse it like this:

    # Split the Korean-formatted timestamp into its parts
    grok {
      match => { "message" => "%{NUMBER:mon_num}%{NOTSPACE:month} %{NUMBER:day}, %{YEAR:year} %{TIME:time} %{NOTSPACE:hour_clock}" }
    }

    # Rewrite the AM/PM marker
    if "월" in [hour_clock] {
      mutate {
        update => { "hour_clock" => "PM" }
      }
    }

    if "_grokparsefailure" not in [tags] {
      # Rebuild the timestamp as a single field
      mutate {
        add_field => { "log_date" => "%{year}-%{mon_num}-%{day} %{time} %{hour_clock}" }
        add_field => { "log_message" => "%{log_message_main}%{log_message_detail}" }
        remove_field => ["year", "month", "day", "time", "hour_clock", "message", "log_message_detail"]
      }

      # Parse into @timestamp
      date {
        match => ["log_date", "yyyy-MM-dd hh:mm:ss aa"]
      }

      # Parse again, writing the result back to log_date
      date {
        match => ["log_date", "yyyy-MM-dd hh:mm:ss aa"]
        target => "log_date"
      }
    }

_dateparsefailure

What is the right way to parse this date format?
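
An added example, not part of the original post: one way to normalise this timestamp format to a 24-hour string before it reaches the `date` filter, mapping 오전/오후 to AM/PM explicitly. The function name `normalize_ko_timestamp` is hypothetical, and the code assumes every timestamp has exactly the layout of the sample line above.

```ruby
require "date"

# Korean half-day markers: 오전 = AM, 오후 = PM.
KO_MERIDIEM = { "오전" => :am, "오후" => :pm }.freeze

# Layout assumed from the sample log line: "6월 15, 2018 4:10:20 오후"
KO_TS = /\A(?<mon>\d{1,2})월 (?<day>\d{1,2}), (?<year>\d{4}) (?<h>\d{1,2}):(?<m>\d{2}):(?<s>\d{2}) (?<ap>\S+)\z/

# Returns "yyyy-MM-dd HH:mm:ss" (24-hour clock, no time zone), or nil
# when the input does not match, so the caller can tag the event
# instead of indexing it with a wrong time.
def normalize_ko_timestamp(raw)
  md = KO_TS.match(raw.to_s.strip)
  return nil unless md

  half = KO_MERIDIEM[md[:ap]]
  return nil unless half

  year, mon, day = md[:year].to_i, md[:mon].to_i, md[:day].to_i
  h, min, sec = md[:h].to_i, md[:m].to_i, md[:s].to_i
  return nil unless (1..12).cover?(h) && min < 60 && sec < 60
  return nil unless Date.valid_date?(year, mon, day)

  # 12-hour to 24-hour: 12 AM becomes 00, 12 PM stays 12.
  h24 = h % 12
  h24 += 12 if half == :pm

  format("%04d-%02d-%02d %02d:%02d:%02d", year, mon, day, h24, min, sec)
end

if __FILE__ == $PROGRAM_NAME
  # First line is the sample from the post; the rest are constructed.
  [
    "6월 15, 2018 4:10:20 오후",
    "6월 15, 2018 12:05:00 오전",
    "2월 30, 2018 4:10:20 오후",
  ].each { |line| puts "#{line.inspect} -> #{normalize_ko_timestamp(line).inspect}" }
end
```

The returned string matches the `date` filter pattern `yyyy-MM-dd HH:mm:ss`; the logs carry no time zone, so none is added here.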
