How to separate Date and time in HTTPDATE format in grok and assign in different fields


This is my weblogic log - - [02/Jan/2018:12:36:37 +0530] "GET /imatch/cavsar/css/cavsar.css HTTP/1.1" 404 14681

with grok filter. I am having field name DateAndTime that having value 02/Jan/2018:12:36:37

"message"=>"%{IP:ServerIP} - - [%{HTTPDATE:DateAndTime}] "%{WORD:ReqType} %{NOTSPACE:Url} %{WORD:Protocol}/%{NUMBER:Version}" %{NUMBER:ResponseType} %{NUMBER:Duration:int}"

But i would like to have in elasticsearch two fields date and time separate so how can i filter this dateTime(HTTPDATE) format 02/Jan/2018:12:36:37 into two fields Date and time. Please help it would be appreciated.

Thanks In advance.

You could use dissect

dissect {
    mapping => { "DateAndTime" => "%{date}:%{time}" }
    remove_field => [ "DateAndTime" ]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.