Hello.
I'm looking for a grok filter matching this format: [10/26/23 10:48:30:823 CEST]
I can't find any match among the predefined formats. I need it for my Logstash filter. Any ideas?
Hi @elk1985
You don't say what fields you want out of it, but this might get you where you want to go:
\[%{DATE_US:date} %{TIME:time} %{WORD:timezone}\]
A few general pointers when using grok with Elastic:
- Elastic Grok documentation
- Logstash grok patterns (always gives me good ideas and helps me not reinvent the wheel).
- Grok debugger in Kibana will help you experiment and see what works.
Good luck
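
One way to carry the pattern from the answer through to the event's `@timestamp`, so that these lines can be correlated with other sources in time order (an added example, not posted by either participant). The field name `ts` and the `Europe/Berlin` zone are assumptions; use the zone the logging host actually runs in.

```logstash
filter {
  grok {
    # Same building blocks as the pattern in the answer, but date and time
    # are captured together in one field ("ts", an assumed name) so the
    # date filter can parse them in a single step.
    match => {
      "message" => "\[(?<ts>%{DATE_US} %{TIME}) %{WORD:timezone}\]"
    }
  }

  date {
    # 10/26/23 10:48:30:823 -> two-digit year, colon before the milliseconds.
    match => ["ts", "MM/dd/yy HH:mm:ss:SSS"]

    # The date filter cannot parse zone abbreviations such as CEST, so the
    # zone is set explicitly. "Europe/Berlin" is an assumption; it covers
    # both CET and CEST through the daylight-saving rules.
    timezone => "Europe/Berlin"

    target => "@timestamp"
  }
}
```

Events whose timestamp does not parse are tagged `_dateparsefailure` by default and keep their ingest time in `@timestamp`, so that tag is worth monitoring.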