Logstash convert existing timestamp format in message

Groove · December 15, 2022, 1:10pm

Hello,

I have 2 different application logs.

OUTPUT:

<135>1 2022-12-12T16:28:02Z HOSTNAME EvntSLog - - - Le service Service de licences de client (ClipSVC) est entré dans l’état : arrêté.

<134>Dec 12 16:28:02 HOSTNAME CEF:0|Trend Micro|Deep Security Manager|20.0.703|602|User Timed Out|

Here, both timestamp is different and I want to convert both timestamp format to standard timestamp format which would be "dd-mm-yyyy-HH-MM-SS".

My filter setting is

grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}" }
    }
    date {
        match => ["timestamp", "yyyy-mm-dd HH:mm:ss,SSS", "yyyy-mm-dd HH:mm:ss a"]
    }

Thanks in advance.

system · January 12, 2023, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.