Grok Custom Timestamp Filter

Ghassan_Zein · October 3, 2019, 9:55am

Am not able to filter the following date through grok, it doesnt fall under any ready made TIMESTAMP filters:

07 Aug 2019 13:54:27.463

I want to retrive it and replace it with @timestamp (or create a "Date" variable and add it there)

Thanks

ben.west · October 3, 2019, 10:52am

Hi,

You can use the Date Filter to create arbitrary (and multiple) patterns for handling date/time stamps.

Ghassan_Zein · October 3, 2019, 10:55am

@ben.west I know about the Date Filter but am not able to find the right syntax to fit with my need. Can you please advise?

ben.west · October 3, 2019, 11:01am

This should work: dd MMM yyyy HH:mm:ss.SSS

Ghassan_Zein · October 3, 2019, 11:04am

how would the whole config be in this case? like this?

date {
     match => [ "Date", "dd MMM yyyy HH:mm:ss.SSS" ]
     target => "Date"
    }

ben.west · October 3, 2019, 12:24pm

Yes that should work. You mentioned in your original post you wanted to update the @timestamp field of the event so you can omit the target to do this automatically.

Topic		Replies	Views
Logstash date filter not replacing @timestamp field Logstash	4	1287	April 1, 2017
Date Filter Logstash Logstash	5	397	June 9, 2020
Date filter issues Logstash	3	518	July 6, 2017
How To use date Field in RAW data to used as @timestamp in Grok pattern Logstash	7	720	May 1, 2019
Logstash timestamp issue Logstash	4	544	March 6, 2017

Grok Custom Timestamp Filter

Related topics