I have written a simple grok
Input: 20170301:18544482:INFO 10.0.0.67 ABCLOG sending request
%{POSINT:time1}:%{POSINT:time2}:%{WORD:loglevel} %{IP:ip} %{WORD:logdata} %{GREEDYDATA:message}
Output:
{
"time1":"20170301",
"time2":"18544482",
"loglevel":"INFO",
"ip":"10.0.0.67",
"logdata": "ABCLOG",
"message": "sending request"
}
Now how do I use the time1 and time2 fields to get a timestamp in the format below?
YYYY-MM-ddThh:mm:ss.SS
Later I will use the above timestamp as default in kibana.
PS: How to break the time1 and time2 fields up to get the year, day, etc. is my real query.
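As an added example (not part of the original question, and not Logstash's own code), the script below shows the idea of splitting time1 and time2 into their parts at grok level instead of capturing them as two opaque POSINTs: the same `%{NAME:field}` pattern is expanded into a regex, each date/time piece gets its own named field, and the pieces are then validated and rendered in the `YYYY-MM-ddThh:mm:ss.SS` form. It assumes time2 (`18544482`) is hours, minutes, seconds and two fractional digits (HHmmssSS); `CENTIS` is a hypothetical pattern name for those last two digits, and the IP pattern is a simplified IPv4 match.

```python
import re
from datetime import datetime

# Tiny grok-style pattern library (added example). Logstash grok uses Oniguruma,
# where an inline named group is written (?<field>...); Python needs (?P<field>...).
GROK_PATTERNS = {
    "POSINT": r"\b(?:[1-9][0-9]*)\b",
    "WORD": r"\b\w+\b",
    "IP": r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}",   # simplified IPv4 match (assumption)
    "GREEDYDATA": r".*",
    # date/time fragments modelled on grok's standard YEAR/MONTHNUM/MONTHDAY/... patterns
    "YEAR": r"(?:\d\d){1,2}",
    "MONTHNUM": r"(?:0[1-9]|1[0-2])",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01])",
    "HOUR": r"(?:2[0-3]|[01][0-9])",
    "MINUTE": r"[0-5][0-9]",
    "SECOND": r"[0-5][0-9]",
    "CENTIS": r"[0-9]{2}",                    # hypothetical name: the two fractional digits
}

_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def grok_to_regex(pattern: str) -> str:
    """Expand %{NAME} / %{NAME:field} references into a Python regex."""
    def repl(m):
        name, field = m.group(1), m.group(2)
        body = grok_to_regex(GROK_PATTERNS[name])   # patterns may reference other patterns
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return _REF.sub(repl, pattern)

# The question's pattern with time1/time2 replaced by per-component fields.
# Assumption: time2 is HHmmssSS (hours, minutes, seconds, centiseconds).
LOG_PATTERN = (
    "%{YEAR:year}%{MONTHNUM:month}%{MONTHDAY:day}:"
    "%{HOUR:hour}%{MINUTE:minute}%{SECOND:second}%{CENTIS:centis}:"
    "%{WORD:loglevel} %{IP:ip} %{WORD:logdata} %{GREEDYDATA:message}"
)
LOG_REGEX = re.compile(grok_to_regex(LOG_PATTERN))

def parse_line(line: str):
    """Return the grok fields plus 'timestamp' as YYYY-MM-ddTHH:mm:ss.SS, or None if the
    line does not match or the date is not a real calendar date (e.g. 20170230)."""
    m = LOG_REGEX.match(line)
    if not m:
        return None
    f = m.groupdict()
    try:
        dt = datetime(int(f["year"]), int(f["month"]), int(f["day"]),
                      int(f["hour"]), int(f["minute"]), int(f["second"]),
                      microsecond=int(f["centis"]) * 10000)
    except ValueError:
        return None
    f["timestamp"] = dt.strftime("%Y-%m-%dT%H:%M:%S") + f".{dt.microsecond // 10000:02d}"
    return f

if __name__ == "__main__":
    # constructed sample line, copied from the question
    print(parse_line("20170301:18544482:INFO 10.0.0.67 ABCLOG sending request"))
```

In a Logstash pipeline the equivalent would be to put the split pattern (with `(?<year>\d{4})`-style inline groups or custom pattern names) in the grok filter and then hand the reassembled string to a `date` filter so that `@timestamp` is set from the event rather than from ingest time; the validation step matters there too, since a value the grok regex accepts but the calendar does not should be tagged as a parse failure instead of silently landing at an arbitrary time in Kibana.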