Grok filter date format

TheNmaptomyHeartBeat · November 1, 2017, 10:47am

Hello.

I have a date with the blow format in my log files (Nginx error log).

2016/11/15

I am trying to create a Grok filter for it. However, I can't seem to find any date stamp for it. I tried all of Grok's date stamps the only one that matches is DATESTAMP but it doesn't put the dates in the correct fields. the month is in the year and so on.

I used this for the Grok filter:

%{YEAR:year}\/%{NUMBER:month}\/%{NUMBER:day}

Using the Grok debugger I checked that this works fine but how does that work in terms of Logstash as it parses the day and month as number rather than dates.

Any help is very much appreciated.

TheNmaptomyHeartBeat · November 1, 2017, 11:04am

Found it. Was looking for a whole day and just searching a related topic I stumbled on a comment that had what I needed its this patter:

(?<timestamp>%{YEAR}[./]%{MONTHNUM}[./]%{MONTHDAY} %{TIME})

its for the date and the time stamp. Works like a charm. Just hope it works well with Elasticsearch.

system · November 29, 2017, 11:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Trouble parsing date with date filter Logstash	5	1226	April 20, 2017
Grok pattern for date Logstash	6	1691	June 13, 2019
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27377	July 6, 2017
Failed parsing date in format "dd/MM/yyyy" for specific date Logstash	13	2628	November 19, 2018
Logstash/ES date format issue Logstash	7	2374	July 6, 2017

Grok filter date format

Related topics