Hi,
I want to parse to below line but grok pattern get error. How can ı parse below line?
12/May/19 20:03:14 118.102.70.71
What grok pattern are you using? What error do you get?
I am using grok pattern %{HTTPDATE:time_local} but not parsing
Actually ı need below model but ı don't know how ı can
{
time_local:12/MAY/2019 20:03:14,
ip: 118.102.70.71
}
ı need grok pattern for above json model
If your data looks like
12/May/19 20:03:14 118.102.70.71
i.e. three space-separated fields, then I wouldn't use grok at all. I would dissect it
dissect { mapping => { "message" => "%{time_local} %{+time_local} %{ip}" } }This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.