Hi, i am trying to extract the information to timestamp from the following log event for that I tried it as
20220628 11:44:29.887 - DEBUG - Trying to connect to the target:
I created the pattern this way
%{YEAR}%{MONTHNUM}%{MONTHDAY} %{TIME}\s-\s%{LOGLEVEL:log-level} - %{GREEDYDATA:loggedString}
Now I am getting the extracted data already but I want to add this to timestamp which should look like
timestamp = 2022-06-28 11:44:29.887
Thank you in advance
Hello @zain.jutt
You could try this below grok pattern where it contains the date which is in string type in one column then we can use date plugin to change it to date format
%{GREEDYDATA:timestamp} -\s%{LOGLEVEL:log-level} - %{GREEDYDATA:loggedString}
@sudhagar_ramesh Thanks for the idea i tried this way but I am getting failuer
date {
match => [ "timestamp", "YY-MM-dd HH:mm:ss" ]
}
anyidea please
@sudhagar_ramesh Which format we can apply then? i tried with / as well but no success.
Hello @zain.jutt
Please try the below one , it would work for sure
filter {
grok
{
match => {"message" => "%{DATA:timestamps} -\s%{LOGLEVEL:log-level} - %{GREEDYDATA:loggedString}"}
}
ruby {
code => '
t = event.get("timestamps")
varDateStringToDate = DateTime.strptime(t,"%Y%m%d %H:%M:%S")
event.set("timestamps", varDateStringToDate.strftime("%Y-%m-%d %H:%M:%S"))
'
}
}
Keep Posted !!! Thanks !!!
Thank you man, Works like charm 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.