Timestamp grok pattern [SOLVED]

dr01 · June 5, 2018, 3:26pm

I need to parse a cloud-init logfile:

122.81 - Tue, 05 Jun 2018 11:53:21 +0000 - v. 0.7.9

Here's the grok pattern I wrote:

%{NUMBER:time} - %{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE} - v. %{NUMBER:version}

This pattern works. However, how can I capture the timestamp as a whole? Is there a way to nest grok patterns inline, apart from defining them in a separate pattern file and use the patterns_dir option?

Badger · June 5, 2018, 3:59pm

Use dissect in place of grok.

dissect { mapping => { "message" => "%{time} - %{ts} %{+ts} %{+ts} %{+ts} %{+ts} %{+ts} - v. %{version}" } }
date { match => [ "ts", "EEE, dd MMM yyyy HH:mm:ss Z" ] }

system · July 3, 2018, 3:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok pattern for date Logstash	6	1691	June 13, 2019
Issue parsing non-standard timestamp (Cisco router log) Logstash	5	1329	July 20, 2018
Pattern for the Below Timestamp Logstash	4	451	May 25, 2017
Grock Parse Date and time Logstash	2	243	August 4, 2020
Help to parse a timestamp string with grok filter in logstash Logstash	4	7446	July 6, 2017

Timestamp grok pattern [SOLVED]

Related topics