Log :
in24.inetnebr.com - - [01/Aug/1995:00:00:01 -0400] "GET /shuttle/missions/sts-68/news/sts-68-mcc-05.txt HTTP/1.0" 200 1839
Pattern :
%{HOSTNAME:vhost} - - %{DATA:Raw_timestamp} "%{DATA:Method} /%{DATA:File} %{DATA:VersionP} %{NUMBER:Count} %{NUMBER:Response}
Output :
{
"vhost": [
[
"in24.inetnebr.com"
]
],
"Raw_timestamp": [
[
"[01/Aug/1995:00:00:01 -0400]"
]
],
"Method": [
[
"GET"
]
],
"File": [
[
"shuttle/missions/sts-68/news/sts-68-mcc-05.txt"
]
],
"VersionP": [
[
"HTTP/1.0""
]
],
"Count": [
[
"200"
]
],
"BASE10NUM": [
[
"200",
"1839"
]
],
"Response": [
[
"1839"
]
]
}
time stamp is parsing here : "[01/Aug/1995:00:00:01 -0400]"
I would like to parse like : "01/Aug/1995:00:00:01 -0400"
For that i am edited the pattern like this :
%{HOSTNAME:vhost} - - [%{DATA:Raw_timestamp}] "%{DATA:Method} /%{DATA:File} %{DATA:VersionP} %{NUMBER:Count} %{NUMBER:Response}
In the patters added square bracket . But showing error.
I dont want sqare bracket in time stamp. help me to remove that square bracket from parsed data.