Is there any existing grok{} pattern for date format YYYY-MM-DD?

shi · September 15, 2021, 11:00am

[Is there any existing grok{} pattern for date format YYYY-MM-DD?

I get error when i use %{DATE:datefield}, tried %{CUSTOM_DATE:datefield} also
,
that also resulted in failure

LizaD · September 15, 2021, 6:23pm

Welcome, the user guide may help here: Debug grok expressions | Kibana Guide [7.14] | Elastic. What is your sample data? Thanks.

aaron-nimocks · September 15, 2021, 7:08pm

Try (?<field_name>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}).

shi · September 16, 2021, 5:14am

Sir,

It is working now . thanks a lot ..

The sample log data was

2021-09-14T05:24:41.957467+05:30 10.101.200.1 date=2021-09-14 devname="W02" devid="3916803686" logid="0419016384" type="utm"
2021-09-14T05:31:41.358729+05:30 10.101.200.1 date=2021-09-14 devname="W02" devid="3916803686" logid="0419016384" type="utm"
2021-09-14T08:20:58.352756+05:30 10.101.200.1 date=2021-09-14 devname="W02" devid="3916803686" logid="0419016384" type="utm"

File beat is directly sening logs to elasticsearch. For this i am trying to create inex pattern using Kibana upload sample file

I tried
%{TIMESTAMP_ISO8601:timestamp} %{IP:ipaddress} date=(?%{YEAR}[/-]%{MONTHNUM}[/-]%{MONTHDAY}) devname=%{QUOTEDSTRING:devname} devid=%{QUOTEDSTRING:devid} logid=%{QUOTEDSTRING:logid} type=%{QUOTEDSTRING:type}

it is working and even combining the year month and date components together and considering newdate as date format

befor that i was trying date=%{YEAR}[/-]%{MONTHNUM}[/-]%{MONTHDAY} and i was wondering how to combine them . thanks for the pattern

system · October 14, 2021, 5:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.