Grok filter match with joda datetime pattern?

Wurzelseppi · October 10, 2018, 5:26am

Hi guys,

I have this configuration (part of)

filter {
if [type] == "gflogs"
{
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:TimestampTemp}" }
}
date {
match => [ "TimestampTemp", "ISO8601" ]
remove_field => [ "TimestampTemp" ]
}
}

else if [type] == "planauflogs"
{
grok {
match => { "message" => "%{'yyyyMMdd-HHmmss':TimestampTemp}" }
}
date {
match => [ "TimestampTemp", "ISO8601" ]
remove_field => [ "TimestampTemp" ]
}

The filter for the type "gflogs" works, but I can´t get the filter for the type "planauflogs" working.
Can anybody please (please please ) help me out here ?

Many thanks in advance and greetings,

Wurzelseppi

Wurzelseppi · October 15, 2018, 5:22am

Just a question guys. In the meantime I solved it myself, but i wonder why there weren´t any responses here ?
Please give me ping shortly if you can read this. Otherwise I have to wonder if anybody can read this at all ....

system · November 12, 2018, 5:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date filter recognizing custom grok pattern? Logstash	12	6798	July 6, 2017
Grok filter TIMESTAMP_ISO8601 appears in Kibana as String Logstash	4	1698	January 11, 2021
Date filter configuration error Logstash	4	693	July 6, 2017
Matching with "date" creates _grokparsefailure but matches are okay Logstash	3	3090	July 6, 2017
Date filter plugin successfully matches but doesn't show up in Kibana Logstash	4	412	August 28, 2018

Grok filter match with joda datetime pattern?

Related topics