Grok Parsing Timestamp Error

rijinmp · January 23, 2018, 3:35am

Log :
in24.inetnebr.com - - [01/Aug/1995:00:00:01 -0400] "GET /shuttle/missions/sts-68/news/sts-68-mcc-05.txt HTTP/1.0" 200 1839

Pattern :
%{HOSTNAME:vhost} - - %{DATA:Raw_timestamp} "%{DATA:Method} /%{DATA:File} %{DATA:VersionP} %{NUMBER:Count} %{NUMBER:Response}

Output :
{
"vhost": [
[
"in24.inetnebr.com"
]
],
"Raw_timestamp": [
[
"[01/Aug/1995:00:00:01 -0400]"
]
],
"Method": [
[
"GET"
]
],
"File": [
[
"shuttle/missions/sts-68/news/sts-68-mcc-05.txt"
]
],
"VersionP": [
[
"HTTP/1.0""
]
],
"Count": [
[
"200"
]
],
"BASE10NUM": [
[
"200",
"1839"
]
],
"Response": [
[
"1839"
]
]
}

time stamp is parsing here : "[01/Aug/1995:00:00:01 -0400]"

I would like to parse like : "01/Aug/1995:00:00:01 -0400"

For that i am edited the pattern like this :

%{HOSTNAME:vhost} - - [%{DATA:Raw_timestamp}] "%{DATA:Method} /%{DATA:File} %{DATA:VersionP} %{NUMBER:Count} %{NUMBER:Response}

In the patters added square bracket . But showing error.
I dont want sqare bracket in time stamp. help me to remove that square bracket from parsed data.

system · February 20, 2018, 3:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
First time with grok Elasticsearch	3	206	April 26, 2022
Unexpected _grokparsefailure while parsing square brackets with custom pattern Logstash	1	693	July 6, 2017
Unable to parse this timestamp-very strange Logstash	2	542	February 8, 2019
Grok pattern - sometimes nesting bracket Logstash	3	293	October 5, 2022
_grokparsefailure when parsing IIS logs if the %{URIPATH:page} has square brackets [] in it Logstash	3	1997	July 6, 2017

Grok Parsing Timestamp Error

Related topics