[7/1/05 13:41:00:516 PDT] -- log line
( \[%{DD/MM/YY HH:MM:SS:S Z}\] ) -- this is the grok pattern i have used.
Doesnt seem to work. Can anyone help with this logstash grok pattern
You need to look at the sub-seconds you have, it doesn't match.
However you should really use the date filter here.
input {
file {
path => "/home/ubuntu/sound/logstash-5.0.0/bin/sta.log"
start_position => "beginning"
}
}
filter {
grok {
match =>" \[%{DATA:timestamp}\] "
}
date {
match => ["timestamp","DD/MM/YY HH:MM:SS:S ZZZ"]
}
}
output {
stdout{codec => "json"}
}
this is the configuration I have used.
And consider this as my sta.log file content:
[7/1/05 13:41:00:516 PDT]
Does not match
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.