Timestamp format help "20151027 10:20:37"


(Ruchii Ruchii) #1

I am new to logstash would like to extract @timestamp data from "20151027 10:20:37 0 0 1 0 0 0 0 99 1 0 0 1352 1305 0 1225 2 0.61 0.53 0.52 3 0 24 22 3 16 0 5 0 0 0 0 0 0 0 0 0 0 0 0".
Thanks in advance


(Jay Greenberg) #2

@ruchii,

Try this:

filter {
  grok {
    match => { "message" => [
        "(?<timestamp>\S+ \S+) %{GREEDYDATA:rest}"
        ]}
  }
  date {
      match => [ "timestamp" , "YYYYMMdd HH:mm:ss" ]
      locale => "en"
  }
}

(Ruchii Ruchii) #3

@PhaedrusTheGreek Thank you that worked.


(system) #4