I am trying to parse the data in my Syslog log message using different patterns like %SYSLOGTIMESTAMP:syslog_timestamp} , %{MONTH} +%{MONTHDAY} %{TIME} but am unable to parse the message.
Message I am trying to parse "september 09 09:50:08 "
both the patterns work when I put 'S' in september. But I receive my log as <13> september 09 09:50:08.
Can anyone suggest a way to parse this date format without changing the log message that I receive?
Thanks.
You could upgrade to a more recent version, since this was fixed in 2016. Or just use a custom pattern that looks like the current definition.
try the following pattern
september 09 09:50:08
%{MONTH:month} %{MONTHDAY:day} %{TIME:time}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.