Hi,
how can i parse this timestamp using grok filter?:
x.x.x.x - - [24/Mar/2022:00:00:04 +0000]
do you have any advice?
Thanks
Filter
grok {
match => {
"message" => "%{DATA:ip} - - \[%{GREEDYDATA:logdate}\]"
}
}
date {
match => [ "logdate", "dd/MMM/yyyy:HH:mm:ss Z" ]
}
Output
2022-03-24T00:00:04.000Z
Note - Might not need the escapes \[ \] in Logstash but they are needed in Grok Debugger where I tested.
1 Like
thank you aron
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.