I have a timefield like;
[08/Feb/2017:07:09:47 +0000]
and I use the pattern in grok match like;
\[(?<date_and_time>%{MONTHDAY}/%{MONTH}/20%{YEAR}:%{HOUR}:?%{MINUTE}(?::?%{SECOND}) ZZZ)\]
which is giving me a grokparsefailure. Somebody kindly help me to fix this?
Thank you.
"ZZZ" belongs in a date filter, not a grok filter. Replace it with a grok pattern that matches timezone offsets.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.