How to separate Date and time in HTTPDATE format in grok and assign in different fields

nitin.jangid · February 22, 2019, 6:06am

Hi,

This is my weblogic log

10.10.110.180 - - [02/Jan/2018:12:36:37 +0530] "GET /imatch/cavsar/css/cavsar.css HTTP/1.1" 404 14681

with grok filter. I am having field name DateAndTime that having value 02/Jan/2018:12:36:37

"message"=>"%{IP:ServerIP} - - [%{HTTPDATE:DateAndTime}] "%{WORD:ReqType} %{NOTSPACE:Url} %{WORD:Protocol}/%{NUMBER:Version}" %{NUMBER:ResponseType} %{NUMBER:Duration:int}"

But i would like to have in elasticsearch two fields date and time separate so how can i filter this dateTime(HTTPDATE) format 02/Jan/2018:12:36:37 into two fields Date and time. Please help it would be appreciated.

Thanks In advance.

Badger · February 22, 2019, 1:46pm

You could use dissect

dissect {
    mapping => { "DateAndTime" => "%{date}:%{time}" }
    remove_field => [ "DateAndTime" ]
}

system · March 22, 2019, 1:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.