Hi
I have a log file that I want to parse to elasticsearch using logstash.
In the log I have a date like that:
2019-04-18+05:48:54.470
I trying to find how to grok this timestamp with kibana Grok Debugger
Trying the following pattern but with no success:
%{HTTPDATE:timestamp}
%{DATESTAMP:timestamp}
%{TIMESTAMP_ISO8601:timestamp}
Any suggestion?
Thanks
Talia
The closest pattern I could find that is known by Logstash is this
TOMCAT_DATESTAMP 20%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{ISO8601_TIMEZONE}
The + between the date and time doesn't seem to be in any so you will have to make your own.
This pattern should work
%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\+%{TIME}
Thanks
Just to be sure, for combinning all the feilds that I get from this pattern I have to use the mutate in the logstash file?
like this:
mutate {
add_field => {
"timestamps" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{ISO8601_TIMEZONE}"
}
remove_field => ["YEAR", "MONTHNUM","MONTHDAY","HOUR","MINUTE","SECOND","ISO8601_TIMEZONE"]
}
That was a grok pattern. You can put it in a pattern file or specify it inside the grok filter like
grok {
match => { "filed_name" => "YOUR FULL LINE GROK PATTERN GOES HERE. YOU CAN USE %{MY_TIME:timestamp} FOR THE DATE PART"
pattern_definitions => {
"MY_TIME" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\+%{TIME}"
}
}
Not entirely sure what the best way to turn the time into @timestamp would be...
OK
Thanks a lot
This shows the pattern you need to parse it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.