How to filter a time stamp with no year value

ssasporta · July 26, 2017, 12:39am

Hi,

This is how my event logs looks like : <<ERROR>> [Jul 25 19:17:08] [[ACTIVE]

I am trying to filter the time stamp.

The grok looks like: \<\<%{LOGLEVEL:severity}\>\> \[%{PARTTIMESTAMP:timestamp}\] \[\[%{DATA}\]

And we added the following filter:

date {
                      match => [ "timestamp" , "MMM dd hh:mm:ss"]
        }

In the Kibana, we keep getting _dateparsefailure

Can you pls help to understand what is wrong?

Thanks
Sharon.

ssasporta · July 26, 2017, 1:02am

solved.

hh doesn't exist.

HH sloved the issues.

magnusbaeck · July 26, 2017, 5:46am

hh does exist but is for 12-hour times.

system · August 23, 2017, 5:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.