Hello,
I have a timestamp like this"2017-03-27 17:00:27,352 -0500".
Tried using TIMESTAMP_ISO8601 but it doesnt pick up timezone part . So I tried using a pattern which looks like "YYYY-MM-dd HH:mm:ss,SSS zZ" and it still doesnt pick up.
Any assistance is appreciated.
Thanks in advance,
Harsha
Are you talking about a grok pattern or date pattern?
To avoid misunderstandings and wasting everyone's time, please make it a habit to post your configuration instead of trying to describe what you're doing.
Sorry for wasting your time.
Log Line looks like" 2017-03-27 17:00:27,352 -0500|xghf|NOT_CONNECTED|FORK_ABORT|Call handled by another call ".
Below is my filter design and am trying to match log timestamp to @timestamp.
filter {
grok {
match => ["message","%{TIMESTAMP_ISO8601:Timestamp}|%{HOSTNAME:CssVersion}|%{GREEDYDATA:msg}"]
}
date {
match => [ "timestamp", "ISO8601" ]
locale => en
}
}
For some reason timezone doesnt get parsed hence log lines fall under current system timestamp bucket.
So I tried using the below filter and i still get the same result.
filter {
grok {
match => ["message","%{DATA:Timestamp}|%{HOSTNAME:CssVersion}|%{GREEDYDATA:msg}"]
}
date {
match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS zZ" ]
locale => en
}
Seems easier to just use a csv filter to parse that log.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.