Hello,
I am extracting the year, month, and day from the following test log name and converting them to a timestamp later.
log20230225.log
I am using the following grok filter:
log%{YEAR:year}%{MONTHNUM:month}%{MONTHDAY:day}\.log
The fields extracted are:
year: 2023
month: 02
day: 25
The problem is that real log names are in a different format: log230225.log
where the year is in the short format using just the first 2 digits for the year, so the %{YEAR:year} does not work here, as it is expecting 4 digits input.
Is there a way to extract the year as 2 digits only with grok? Something like %{YEAR:year_short}? Or maybe just extract those first 2 digits to a separate field, so that I can use them later for the timestamp conversion using yy?
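One way to handle the short name format asked about above, as an added example that is not part of the original post: grok accepts inline named captures of the form (?<field>regex), so the two-digit year can be captured without a stock pattern and then parsed by the date filter with yy. The field names log_name, log_date and log_timestamp and the failure tag are assumptions made for this example.

```logstash
filter {
  # Assumption: the file name (e.g. "log230225.log") is available in a field
  # named "log_name"; substitute the field your input actually populates.
  grok {
    # (?<name>regex) is grok's inline named-capture syntax. The anchors and
    # the strict month/day ranges make unexpected names fail the match
    # instead of yielding a shifted date.
    match => {
      "log_name" => "^log(?<year_short>\d{2})(?<month>0[1-9]|1[0-2])(?<day>0[1-9]|[12]\d|3[01])\.log$"
    }
    # Hypothetical tag name, so that unparsed names can be found and reviewed.
    tag_on_failure => ["_logname_date_parsefailure"]
  }

  if "_logname_date_parsefailure" not in [tags] {
    # Reassemble the captures into one string for the date filter.
    mutate {
      add_field => { "log_date" => "%{year_short}%{month}%{day}" }
    }

    date {
      # "yy" is the two-digit year token, so "230225" parses as 25 Feb 2023.
      match    => ["log_date", "yyMMdd"]
      # Written to a separate field so the event's own @timestamp is kept.
      target   => "log_timestamp"
      # The name carries no time zone, so one is set explicitly (assumed UTC).
      timezone => "UTC"
    }
  }
}
```

Events whose name does not match keep the failure tag and get no log_timestamp, which makes misnamed files easy to query for.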