I want to use this pattern in logstash but unable to find pattern for [10-May-2017 16:16:33] timestamp
Kingly help me if anyone knew it.
The following should work:
"\[%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year} %{TIME:time}\]"
Please direct future question to the #logstash topic.
Thanks a lot @ jakelandis it works . But I need a single variable timestamp which should contain all date and time sothat I can use that in visualization in kibana.
In that case you will want something like the following :
grok {
match => {
message => "\[%{DATA:ts}\]"
}
}
date {
match => [ "ts", "dd-MMM-yyyy HH:mm:ss"]
remove_field => [ "ts" ]
}
Please direct future Logstash question to the #logstash topic.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.