Different timezones for same kind of logs

shrikantgulia · January 8, 2018, 11:05am

I have two kind of access being taken from two different locations and on applying filter I am not able to replace my @timestamp with timestamp
my logs are(with different timezones)

1.IP - - [12/Jun/2017:11:52:13 +0200] "GET / HTTP/1.1" 200 1165
2.IP - - [08/Jan/2018:04:54:41 +0100] "GET /manager HTTP/1.1" 302 -
and my filter are as below
if [type] == "access1" {
grok {
match => {"message" => "%{IP:ip}.[%{MONTHDAY:day}/%{MONTH:month}/%{YEAR:year}:%{TIME:time}\s%{ISO8601_TIMEZONE:timezone}]\s*"%{WORD:request}\s*."\s(?\d+)"}
}
mutate {
add_field => {
"timestamp" => "%{year}-%{month}-%{day} %{time} %{timezone}"
}
}
date {
match => ["timestamp", "yyyy-MMM-dd HH:mm:ss", "ISO8601"]
target => "@timestamp"
}
}

a help would be really appreciated

guyboertje · January 9, 2018, 9:40am

The first pattern in your date filter does match for the timezone.

You can use the add_field directly in the grok filter - it will only add the field if the grok succeeds otherwise put the mutate and date inside a conditional block that checks for not grok parse failure.

system · February 6, 2018, 9:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I change the @timestamp match my timestamp? Logstash	3	738	July 6, 2017
@timestamp not matching date parsed, apache logs Logstash	3	2799	July 6, 2017
Unable to write matching date pattern in log stash Logstash	8	2212	July 6, 2017
Timezone for date filter seems not working Logstash	2	2423	July 6, 2017
Timezone logstash date filter Logstash	5	4883	September 16, 2021

Different timezones for same kind of logs

Related topics