Hi,
I have a log shipped through Filebeat with date like Fri Nov 11 11:00:39 GMT 2016. I would like to add this to a timestamp variable in Logstash using match filter like;
(?<timestamp>%{DAY} %{MONTH} %{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{Z} 20%{YEAR})
This is giving me a _grokparsefailure. If I give GMT instead of %{Z}, it is working fine. How can I fix this?
Thanks in advance..
The standard set of grok patterns doesn't include a "Z" pattern so it's not surprising it doesn't work. Is the timezone always GMT? That kind of timezone name is problematic because they're ambiguous so the date filter can't parse them. It would be easier if you either used a single timezone or if the timezone was specified with an explicit UTC offset.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.