I am sending a customized log file to filebeat, in which my time format is not able to come in date format type

I am sending my data to elasticsearch through logstash from customized log file, with a "time2" field in it, i am not able to find a way how to convert time2 field into date type format.
below is my log file:

"score":{

{"username":"Su200222","process1":"chrome.exe","RAM1":8,"time2":"11:24:54 AM 12/30/2018"},

{"username":"Su200222","process1":"chrome.exe","RAM1":6,"time2":"11:30:54 AM 12/30/2018"},

{"username":"Su200222","process1":"chrome.exe","RAM1":7,"time2":"11:40:54 AM 12/30/2018"},

{"username":"Su200222","process1":"chrome.exe","RAM1":5,"time2":"11:55:54 AM 12/30/2018"},

{"username":"Su200222","process1":"chrome.exe","RAM1":3,"time2":"12:24:54 PM 12/30/2018"},

{"username":"Su200222","process1":"chrome.exe","RAM1":9,"time2":"12:54:54 PM 12/30/2018"}

}

And below is my logstash-simple.conf file

input {
beats {
port => 5044
}
}

filter {
date {
match => [ "time2", "HH:mm:ss MM/dd/yyyy"]
}
}

output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}

Can some one help me how to convert this field into date type.
Thanks in advance

Did you check if your grok pattern works? You don't match for AM or PM. Did you try to verify the pattern against a log line with grokdebug og grokconstructor?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.