GUnicorn uses this format for the error log file: [2019-04-24 14:53:51 +0000] [10] [INFO] Starting gunicorn 19.4.5 [2019-04-24 14:53:51 +0000] [10] [INFO] Listening at: http://0.0.0.0:12007 (10) Is the timestamp a standard ISO format that can be used in grok? Currently my logstash pipeline grok f…

Grok GUnicorn error log date format?

Badger April 24, 2019, 3:45pm 2

If it works it is OK. That said, personally I would use a dissect filter for a delimited format like that

dissect { mapping => { "message" => "[%{thetime}] [%{pid}] [%{level}] %{event}" } }

1 Like

Topic		Replies	Views
Logstash pipeline error date Logstash	11	902	February 15, 2019
Logstash Date Filter, UNIX date format parse error, date is malformed Logstash	3	2479	July 6, 2017
Logstash failed to parse timestamp field, Invalid format, malformed (grok, date filter, add_field) Logstash	4	4106	February 23, 2018
Logstash dateparse failure error Logstash	4	382	March 27, 2020
Grok filter date error Logstash	2	320	September 26, 2019