How to parse timestamp apache access.log

Roccof97 · March 25, 2022, 2:02pm

Hi,

how can i parse this timestamp using grok filter?:
x.x.x.x - - [24/Mar/2022:00:00:04 +0000]

do you have any advice?

Thanks

aaron-nimocks · March 25, 2022, 2:12pm

Filter

grok {
  match => {
    "message" => "%{DATA:ip} - - \[%{GREEDYDATA:logdate}\]"
  }
}

date {
  match => [ "logdate", "dd/MMM/yyyy:HH:mm:ss Z" ]
}

Output

2022-03-24T00:00:04.000Z

Note - Might not need the escapes \[ \] in Logstash but they are needed in Grok Debugger where I tested.

Roccof97 · March 25, 2022, 3:39pm

thank you aron

system · April 22, 2022, 3:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Proper timestamp parsing Logstash	2	234	November 22, 2019
Completly lost with how to parse date Logstash	2	286	August 5, 2019
How to parse apache error.log Logstash	3	364	April 25, 2022
Can't parse timestamp to @timestamp Logstash	7	1616	March 8, 2017
Logstash timestamp issue Logstash	4	486	March 6, 2017