Hi, Im currently parsing the date an time on this log:
<187>Jul 07 2020 11:29:55:
with this Grok
<%{POSINT:syslog_pri}>%{MONTH:mes} %{MONTHDAY:dia} %{YEAR:año} %{TIME:hora}:
Is there a better way to do this?
because after the Groking I have to join those fields, and then remove those fields
I would do that using dissect
dissect { mapping => { "message" => <%{syslog_pri}>%{[@metadata][timestamp]}" } }
date { match => { "[@metadata][timestamp]" => "MMM dd YYYY HH:mm:ss:" } }© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.