Syslog timestamp format?

Elastic Stack Logstash
1

I am using logs from syslog, and syslog timestamp format doest not have year, and the timestamp format is

May  3 09:10:10

how to add the year and convert the format to

YYYY-MM-DD hh:mm:ss
for the example ,it's will be looks like

2016-05-03 09:00:10

Any help is welcome to resolve this.

1 Like
2

You need to use the date filter - https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
A match pattern like MMM dd HH:mm:ss would work, then when you integrate that into the filter it'll add the date and make it ISO8601 format.

1 Like
3

i tried to add the date filter

date {
   locale => "en"
   match => ["received_at",
          "MMM  d HH:mm:ss YYYY",
          "MMM dd HH:mm:ss YYYY","ISO8601"
          ]
    add_field => ["time" , "%{YYYY-MM-dd HH:mm:ss}"       ---> how to get the receive_at and convert the format ?
 }
4

And what was the outcome?

5

with my date filter

date {
         locale => "en"
         match => ["timestamp",
          "MMM  d HH:mm:ss.SSS YYYY",
          "MMM dd HH:mm:ss.SSS YYYY",
          "ISO8601"]
    }

it's didn't get any error
but the timestamp didn't convert the format
from

May 4 11:49:19.701 2016

to

 2016-05-04 11:43:19.701
6

The date filter by default populates the @timestamp field with the parsed date, and does not update the field that was parsed. You can change this by specifying a target field.

7

it's work when change the target field,
but i just want to change the month format from Jan,Feb,Mar... to 01,02,03...

8

Could you please just provide the final configuration which you used to solve this issue.
Since I am facing the same problem and I am not able to solve this