Unable to parse datestamp

Nikhil_Pillai · May 13, 2019, 6:56am

Hi,

Unable to parse datestamp as per the following log pattern.
[03/05/19 05:38:00:000 IST] ERROR scheduler.EDISFileReaderTask: @@ Scheduler StepNumber 3 (incoming folder is empty OR it doesn't have EXCEL files) @@

Parsing works in online grok debugger but doesn't work with the grok debugger available in kibana one.

[%{DATESTAMP} %{WORD:TimeZone}] %{WORD:LogLevel} %{DATA:JAVACLASS}: %{GREEDYDATA:message}

Anyone faced similar issue and what was their workaround.

Regards,
Nikhil

Badger · May 13, 2019, 2:13pm

I would do that with dissect rather than grok

dissect { mapping => { "message" => "[%{timestamp} %{+timestamp} %{timezone}] %{loglevel} %{class} %{restOfLine}" } }

Nikhil_Pillai · May 13, 2019, 4:30pm

Was able to make it work using the following grok pattern but thanks anyway.
[%{DATESTAMP:timestamp} %{WORD:TimeZone}] %{WORD:LogLevel} %{JAVACLASS:JAVACLASS}: %{GREEDYDATA:message}

Close thread...

Regards,
Nikhil

Topic		Replies	Views
Parsing date format Logstash	3	1240	May 7, 2021
GROK Date/time filter not working Logstash	3	383	December 19, 2020
Create Grok filter date Logstash	5	975	April 3, 2020
Cannot parse logs with date filter Logstash	4	908	October 18, 2017
Date filter not parsing Logstash	7	635	July 6, 2017

Unable to parse datestamp

Related topics