Hi.... I'm looking for some help on creating a new field based on a grok pattern.
Here is the field in question:
"last_assessed_for_vulnerabilities": "2021-12-10T07:05:41.154Z"
I'm looking to create the following field using the year and month date...
report_period : 2021-12
I'm close, but I can't seem to get GROK to process the month properly. Any help is appreciated!
How about
grok {
pattern_definition => { "MYDATE" => "%{YEAR}-%{MONTHNUM}" }
match => { "last_assessed_for_vulnerabilities" => "^%{MYDATE:someFeild}" }
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.