Timestamp parsing in CCM logs

Maekee · October 28, 2018, 8:00pm

Hello,
Trying to parse the date in logstash on logs from ccm logs (System Center Configuration Manager).
Example row:

<![LOG[Successfully raised pending event]LOG]!><time="20:01:33.961-60" date="10-28-2018" component="CCMEXEC" context="" type="1" thread="6300" file="eventprovider.cpp:384">

Two questions:

Is there a way to build the timestamp from the time and date format without getting all the separate date and time values in the 6+ fields and then matching them together?
I want to include the milliseconds-part. How do i do this?

Will Elasticsearch approve if i send a timestamp that looks like this:
2018-10-28 20:01:33.961 (dont know what the last -60 is!? Nano-seconds? Ticks?)

Maekee · November 18, 2018, 7:33am

Just found out that the time is formatted in Three ways:
yyyy-MM-dd HH:mm:ss.SSS-60
yyyy-MM-dd HH:mm:ss.SSS-120
yyyy-MM-dd HH:mm:ss.SSSSSSS

So guess i have to get the first Three of SSS and throw away the other. Dont know what the -60 and -120 is.

Any ideas out there in the Community?

system · December 16, 2018, 7:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.