From the apache log timestamp have to extract the timezone and store it in elastic Db

Hi,

I have the below log format. I need to store the timezone of the original timestamp in characters.

Ex:
Log format:
10.68.36.27 - adam@gmail.com [05/Feb/2018:14:52:23 -0600] "GET /content/web/cnt2626024 HTTP/1.1" 200 1543 "https://mysite.com/index.htm" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0" "10.39.197.233" "image/png"

If the timestamp is [05/Feb/2018:14:52:23 -0600], I have to convert the -0600 to the timezone CST and store it as a separate timezone field in ES.

If it is -0500, I need that to be stored as EST.

Any help on how to achieve this using grok or any other filter plugin?

Presumably you already have a grok filter that extracts the timestamp to a field (that you feed to a date filter). You can add another grok filter that parses the timestamp string and extracts the timezone into yet another field, which you then feed to a translate filter that maps the UTC offset into a timezone name.
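
The pipeline described in the reply above, written out as an added example that is not part of the original thread. It assumes an earlier grok stage already stores the bracketed Apache time in a field named `timestamp`; the names `tz_offset` and `timezone`, the failure tag and the `unknown` fallback are illustrative choices.

```logstash
filter {
  # Assumption: an earlier grok stage stored the bracketed Apache time,
  # e.g. "05/Feb/2018:14:52:23 -0600", in a field named "timestamp".

  # Second grok: re-parse that string and keep only the UTC offset.
  grok {
    match => { "timestamp" => "^%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{ISO8601_TIMEZONE:tz_offset}$" }
    tag_on_failure => ["_tz_offset_parsefailure"]
  }

  # Map the offset to the abbreviation the question asks for.
  # An offset alone cannot distinguish zones that share it (-0500 is also
  # used by Central Daylight Time), so extend this table to match how the
  # servers producing the logs are actually configured.
  translate {
    source     => "tz_offset"   # older translate plugin releases call this option "field"
    target     => "timezone"    # older translate plugin releases call this option "destination"
    dictionary => {
      "-0600" => "CST"
      "-0500" => "EST"
    }
    fallback   => "unknown"     # keeps unmapped offsets visible instead of dropping the field
  }

  # The date filter still parses the full string, offset included, into @timestamp.
  date {
    match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
  }
}
```

Keeping the raw `tz_offset` field next to `timezone` lets events that land on the fallback value be traced back to the offset the server actually logged.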
