Hi All,
I have a mainframes systems log, How do we grok for the julian date?
The sample log is mentioned below.
X 0000000 T158 2017208 23:59:00.27 SYSLOG 00000000 IEE042I SYSTEM LOG DATA SET INITIALIZED
What have you tried?
@warkolm
i used the below for the time,
{TIMESTAMP_ISO8601}
The below grok is not the complete one.
grok {
match => [ "message", "\A%{TIMESTAMP_ISO8601:date: }" ]
overwrite => [ "message" ]
}
date {
match => [ "Date","yyyyddd HH:mm:ss,SSS"]
target => "Date"
}
Is there a method to convert the julian date format to a normal user readable one. Or will it be done by logstash itself?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.