If my logs is 2020-03-26-12:12:36 aaa, I want to filter out the date like 2020-03-26-12:12:36 ,How can I do it ? My config is
grok {
match => {"message => (?<date>([0-9|-]\S+[0-9|:]\S+)"}
add_field => {
"times" => "%{date}"
}
}
Hi @rockyu,
If you use e.g. Kibana, there is a Grok Debugger where you can test GROK patterns.
Something like this should work
grok {
match => { "message" => "(?<times>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}-%{HOUR}:%{MINUTE}:%{SECOND}) %{DATA:string}$" }
}
That gave me this result
{
"times": "2020-03-26-12:12:36",
"string": "aaa"
}Thanks for helping to solve this problem 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.