I am facing issues while parsing date using grok plugin in Filter

subrat1512 · July 9, 2019, 10:25am

I have the below in my logs
"2019-07-09\t07:35:42.210\t0.193\t0\tGET\t{URI}\t304\t{ECID}\t{someId}\t-\t{ip address}

I am not able to figure out how should i frame my filter using GROK.

I tried with something like the below:

filter {
grok{
match=>{"message" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{HOUR}:%{MINUTE}:%{SECOND}(.[0-9])%{GREEDYDATA:message}"}
}
}

Please let me know what i am doing wrong, getting erroo 'grokParseFailure'.
I am new to Logstash.

Your help will be highly appreciated.

Thanks
Subrat.

Badger · July 9, 2019, 1:23pm

If your message is tab separated the use \s in the grok pattern to match it, not \t.

system · August 6, 2019, 1:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
_dateparsefailure Logstash	3	846	January 30, 2017
Date filter issues Logstash	3	485	July 6, 2017
Strugging with the date filter Logstash	3	531	July 25, 2018
Dateparsefailure error logstash Logstash	1	196	June 30, 2021
There is no dateparsefailure in the tag,but it does not work Logstash	10	555	June 6, 2018