Grok Parsing Timestamp Error

rijinmp · January 23, 2018, 3:35am

Log :
in24.inetnebr.com - - [01/Aug/1995:00:00:01 -0400] "GET /shuttle/missions/sts-68/news/sts-68-mcc-05.txt HTTP/1.0" 200 1839

Pattern :
%{HOSTNAME:vhost} - - %{DATA:Raw_timestamp} "%{DATA:Method} /%{DATA:File} %{DATA:VersionP} %{NUMBER:Count} %{NUMBER:Response}

Output :
{
"vhost": [
[
"in24.inetnebr.com"
]
],
"Raw_timestamp": [
[
"[01/Aug/1995:00:00:01 -0400]"
]
],
"Method": [
[
"GET"
]
],
"File": [
[
"shuttle/missions/sts-68/news/sts-68-mcc-05.txt"
]
],
"VersionP": [
[
"HTTP/1.0""
]
],
"Count": [
[
"200"
]
],
"BASE10NUM": [
[
"200",
"1839"
]
],
"Response": [
[
"1839"
]
]
}

time stamp is parsing here : "[01/Aug/1995:00:00:01 -0400]"

I would like to parse like : "01/Aug/1995:00:00:01 -0400"

For that i am edited the pattern like this :

%{HOSTNAME:vhost} - - [%{DATA:Raw_timestamp}] "%{DATA:Method} /%{DATA:File} %{DATA:VersionP} %{NUMBER:Count} %{NUMBER:Response}

In the patters added square bracket . But showing error.
I dont want sqare bracket in time stamp. help me to remove that square bracket from parsed data.

system · February 20, 2018, 3:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract a timestamp between square brackets [SOLVED] Logstash	4	1667	July 6, 2018
I need to parse this log message format Logstash	11	2423	April 2, 2019
How to escape square bracket in Logstash Grok filter? Logstash	7	12706	April 10, 2018
Timestamp grok pattern help Logstash	8	9712	January 2, 2018
Timestamp parsing issue Logstash	2	324	July 6, 2017

Grok Parsing Timestamp Error

Related Topics