How to parse apache error.log

Roccof97 · March 28, 2022, 9:41am

Hi,

help! i can't parse this timestamp:

[Mon Mar 28 09:02:28.627528 2022] [mpm_winnt:notice] [pid 0000:tid 000] 0000000: Apache/00.00.0.0 (Win00) OpenSSL/0.0.0h configured -- resuming normal operations

suggestions?

Thanks

Roccof97 · March 28, 2022, 2:45pm

this is my code:

if [fields][log_module] == "apacherror" {
grok {
match => { "message" => "[%{DATA:timestamp}]" }}
date {
match => [ "timestamp" , "EEE MMM dd HH:mm:ss YYYY" ]
locale => "en"
}
}

Badger · March 28, 2022, 2:48pm

It seems unlikely that your grok will match just the timestamp, but in case it does, the date pattern has to match the whole of the field, so you should use EEE MMM dd HH:mm:ss.SSSSSS YYYY.

system · April 25, 2022, 2:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to parse timestamp apache access.log Logstash	3	430	April 22, 2022
Logstash date filter and @timestamp field Logstash	10	4073	September 27, 2017
Apache Error Logs Not Parsing Correctly Logstash	1	283	October 10, 2022
Having troubles parsing dates Elasticsearch	4	1002	July 6, 2017
Dateparsefailure: change @timestamp to timestamp for apache php error log Logstash	11	2323	June 9, 2017

How to parse apache error.log

Related topics