Hi @magnusbaeck ,
I have one log file in which the date format is as follows.
14-Jun-2017 04:40:28.120 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /opt/apache-tomcat-8.0.18/webapps/host-manager
My Grok pattern is as follows.
grok {
match => [ "message", "(?%{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:%{MINUTE}:%{ISO8601_SECOND}) %{WORD} [%{GREEDYDATA}] %{JAVACLASS} %{GREEDYDATA}" ]
}
date {
match => [ "timestamp", "dd-MMM-yyyy HH:mm:ss.SSS" ]
target => "@timestamp"
}
But this is not replacing the @timestamp with real log time stamp(14-Jun-2017 04:40:28.120). Please help me how can I rectify this.
Thanks,