Grok format for [10-May-2017 16:16:33] - || Response = 400

satyaban · November 5, 2018, 1:54pm

I want to use this pattern in logstash but unable to find pattern for [10-May-2017 16:16:33] timestamp

Kingly help me if anyone knew it.

jakelandis · November 5, 2018, 3:06pm

The following should work:

"\[%{MONTHDAY:day}-%{MONTH:month}-%{YEAR:year} %{TIME:time}\]"

Please direct future question to the #logstash topic.

satyaban · November 6, 2018, 4:58am

Thanks a lot @ jakelandis it works . But I need a single variable timestamp which should contain all date and time sothat I can use that in visualization in kibana.

jakelandis · November 6, 2018, 2:54pm

In that case you will want something like the following :

  grok {
     match => {
       message => "\[%{DATA:ts}\]"
     }
   }
  date {
    match => [ "ts", "dd-MMM-yyyy HH:mm:ss"]
    remove_field => [ "ts" ]
  }

Please direct future Logstash question to the #logstash topic.

system · December 4, 2018, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok pattern for date Logstash	6	1691	June 13, 2019
Logstash time formate grok filter required for 5/16/2019 3:04:16 AM Logstash	1	276	October 9, 2019
How to create a new Date format - GROK Logstash	1	307	December 11, 2018
Pattern for Specific Date and Time format Logstash	2	286	July 2, 2019
Grok pattern for date format Beats filebeat	2	245	May 30, 2022

Grok format for [10-May-2017 16:16:33] - || Response = 400

Related topics