I am facing issues while parsing date using grok plugin in Filter

subrat1512 · July 9, 2019, 10:25am

I have the below in my logs
"2019-07-09\t07:35:42.210\t0.193\t0\tGET\t{URI}\t304\t{ECID}\t{someId}\t-\t{ip address}

I am not able to figure out how should i frame my filter using GROK.

I tried with something like the below:

filter {
grok{
match=>{"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{HOUR}:%{MINUTE}:%{SECOND}(.[0-9])%{GREEDYDATA:message}"}
}
}

Please let me know what i am doing wrong, getting erroo 'grokParseFailure'.
I am new to Logstash.

Your help will be highly appreciated.

Thanks
Subrat.

Badger · July 9, 2019, 1:23pm

If your message is tab separated the use \s in the grok pattern to match it, not \t.

Topic		Replies	Views
Date filter not parsing Logstash	7	639	July 6, 2017
Cannot parse logs with date filter Logstash	4	908	October 18, 2017
Unable to parse date in grok and filters Logstash	5	666	March 2, 2021
Match error grok filter Logstash	4	707	October 9, 2021
Logstash parse grok Logstash	4	429	February 28, 2017