I need to parse the log line below and extract the time into @apptimestamp. It is throwing a date parse failure. We need to use the field in Kibana. We need to get the whole timestamp with timezone and AM/PM.
Log line:
/start/scripts/transfer.sh Sun 15 Jul 2018 11:15:01 PM EDT files
Logstash config:
input {
  beats { port => 5045 }
}
filter {
  if "tag7" in [kind] {
    grok {
      match => { "message" => "%{GREEDYDATA:script} %{DAY:weekday} %{MONTHDAY:day} %{MONTH:month} %{YEAR:year} %{TIME:time} %{WORD:period} %{WORD:zone} %{GREEDYDATA:logmessgae}" }
    }
    mutate {
      add_field => {
        "appTimestamp" => "%{weekday} %{day} %{month} %{year} %{time} %{period} %{zone}"
      }
    }
    date {
      match => [ "appTimestamp", "EEE dd MMM yyyy hh:mm:ss a Z" ]
      target => "@appTimestamp"
      remove_field => [ "appTimestamp" ]
      remove_field => [ "month", "day", "year", "time", "period" ]
    }
  }
}
output {
  stdout {
    codec => rubydebug
  }
}