How I can replace time with actual time in my log file?

sbke_baap · July 17, 2019, 7:05am

While uploading my data, the time field is getting update with the uploading time.

Given below is my sample data

<134> id=firewall sn=C0EAE4F8239E time="2019-03-01 03:26:12 UTC" fw=203.109.120.130 pri=6 c=1024 m=537 msg="Connection Closed" app=49279 appName="Service SMB" n=1083492749 src=172.25.23.102:52096:X6 dst=116.199.6.106:445:X7 proto=tcp/445 sent=52 spkt=1

Code I'm using

date {
match => ["time" , "yyyy-MM-dd' HH:mm:ss ZZZ"]
remove_field => [ "timestamp" ]
} Screenshot%20(12)

Badger · July 17, 2019, 1:27pm

Remove the ' at the end of the date pattern in your date filter. I would also remove the remove_field option since it does nothing.

system · August 14, 2019, 1:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.