Hi,
help! i can't parse this timestamp:
[Mon Mar 28 09:02:28.627528 2022] [mpm_winnt:notice] [pid 0000:tid 000] 0000000: Apache/00.00.0.0 (Win00) OpenSSL/0.0.0h configured -- resuming normal operations
suggestions?
Thanks
this is my code:
if [fields][log_module] == "apacherror" {
grok {
match => { "message" => "[%{DATA:timestamp}]" }}
date {
match => [ "timestamp" , "EEE MMM dd HH:mm:ss YYYY" ]
locale => "en"
}
}
It seems unlikely that your grok will match just the timestamp, but in case it does, the date pattern has to match the whole of the field, so you should use EEE MMM dd HH:mm:ss.SSSSSS YYYY.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.