GROK Filter - Extract Year and Month

JeremyP · December 10, 2021, 9:08pm

Hi.... I'm looking for some help on creating a new field based on a grok pattern.

Here is the field in question:

"last_assessed_for_vulnerabilities": "2021-12-10T07:05:41.154Z"

I'm looking to create the following field using the year and month date...

report_period : 2021-12

I'm close, but I can't seem to get GROK to process the month properly. Any help is appreciated!

Badger · December 10, 2021, 10:01pm

How about

grok {
    pattern_definition => { "MYDATE" => "%{YEAR}-%{MONTHNUM}" }
    match => { "last_assessed_for_vulnerabilities" => "^%{MYDATE:someFeild}" }
}

system · January 7, 2022, 10:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract Month and Year from date field Logstash	8	5709	December 20, 2019
Grok filter date format Logstash	2	1116	November 29, 2017
Grok date parsing trouble Logstash	3	23023	July 6, 2017
Parsing date field value using grok match Logstash	2	460	July 6, 2017
How to create a new Date format - GROK Logstash	1	307	December 11, 2018

GROK Filter - Extract Year and Month

Related topics