HI Team,
I am working on some logs which looks something like below
2018-09-02 23:02:18,358|[[ACTIVE] ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)']|ERROR|GlobalExceptionMapper|Unknown|Unknown|Unknown|Unknown|Unknown|HTTP 405 Method Not Allowed
javax.ws.rs.NotAllowedException: HTTP 405 Method Not Allowed
and my logstash conf file as below
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:weblogtime}\|%{DATA:ThreadDetails}\|%{LOGLEVEL:webtrace}\|%{DATA:loggerclass}\|%{URIPATHPARAM:ServiceURL}\|%{DATA:UserId}\|%{DATA:SessionId}\|%{DATA:TransactionsId}\|%{DATA:ErrorCode}\|%{GREEDYDATA:defaultlogmessage}" }
}
date {
match => [ "weblogtime" , "ISO8601"]
target => @timestamp
}
mutate {
remove_field => [ "message" ]
}
}
I am getting constant dateparsefailure for the above conf,i have find the right match and overwrite with @timestamp.