Problem date parsing

Sam67000 · April 28, 2017, 2:09pm

Hello everybody.
I have a small problem with some type of log annd I need your help.
I couldn't extract the date.

The logs are as follows :

[2017/04/25 15:39:46.255][Info] Block [[Main]][1][ALLOCALL]
[2017/04/25 15:39:46.255][Info] Value '' is assigned to variable [NUMEROCOLORE]
[2017/04/25 15:39:46.255][Info] Jump to block [[Main]][660]

I tried with the following filter but it doesn't work :
match => {"message" => "^%{TIMESTAMP_ISO8601:Date}"}

Thank you for ur help !

magnusbaeck · April 28, 2017, 2:13pm

You have two problems:

Your grok expression needs to take into account that your log line starts with [.
Your timestamp isn't in ISO8601 format so you can't use TIMESTAMP_ISO8601.

Sam67000 · April 28, 2017, 2:23pm

Is that better :
match => {"message" => "[%{YEAR}/%{MONTH}/%{MONTHDAY} %{TIME}]:Time"}

It doesn't work also.

magnusbaeck · April 28, 2017, 2:27pm

Try this expression:

^\[(?<Time>%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME})\]...

Sam67000 · April 28, 2017, 2:38pm

It's work ! Thank you very much !!!

Topic		Replies	Views
Cannot parse logs with date filter Logstash	4	909	October 18, 2017
Issue while parsing date Logstash	5	735	July 7, 2018
Date parsing (timestamp) Logstash	3	362	April 9, 2018
Grok filter TIMESTAMP_ISO8601 Logstash not working Logstash	3	2701	May 8, 2019
Completly lost with how to parse date Logstash	2	317	August 5, 2019

Problem date parsing

Related topics