If I have this value in my data: Dec 29 14:20:41 2005
Can you give me conf settings I'd need to have it get used as the @timestamp? I've tried many combinations and no luck getting the date filter to work for this format.
Much appreciated,
Kyle
Your format is nearly identical with what's typically in syslog messages. This example should help: https://www.elastic.co/guide/en/logstash/current/config-examples.html#_processing_syslog_messages
I'll give it a try hopefully today and let you know, thanks.
that seemed to help, braces vs brackets on the match line appeared to be issue even though the match line was breaking out the data into the fields.