@magnusbaeck Thanks.
Is this correct config:
filter {
grok {
match => {"message" => "(?<logTime>[0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}) "}
}
ruby {
code => "event['logTimestamp'] = Time.now.strftime('%Y-%m-%d') + ' ' + event['logTime']"
}
date {
match => ["logTimestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
timezone => "..."
}
}
I replaced mutate filter with ruby one to get the current date of the log.