How to parse this date format and target it to @timestamp

Sridhar_Yadav_Manoha · July 20, 2016, 7:36pm

How to parse this date format and target it to @timestamp : 19/Jul/2016:17:39:02

magnusbaeck · July 20, 2016, 8:31pm

dd/MMM/yyyy:HH:mm:ss

It looks like you're processing an HTTP log. Have a look at the first example at https://www.elastic.co/guide/en/logstash/current/config-examples.html.

Sridhar_Yadav_Manoha · July 20, 2016, 8:33pm

date {
match => [ "Start_Time", "dd/MMM/yyyy:HH:mm:ss" ]
target => "@timestamp"
}

Currently I'm using this configuration.

I'm getting Invalid Format : "19/Jul/2016:17:39:02" is malformed at "/Jul/2016:17:39:02"

magnusbaeck · July 21, 2016, 6:00pm

Works fine here:

$ cat test.config
input { stdin { } }
output { stdout { codec => rubydebug } }
filter {
  date {
    match => ["message", "dd/MMM/yyyy:HH:mm:ss"]
  }
}
$ echo '19/Jul/2016:17:39:02' | /opt/logstash/bin/logstash -f test.config
Settings: Default pipeline workers: 2
Pipeline main started
{
       "message" => "19/Jul/2016:17:39:02",
      "@version" => "1",
    "@timestamp" => "2016-07-19T15:39:02.000Z",
          "host" => "hallonet"
}
Pipeline main has been shutdown
stopping pipeline {:id=>"main"}