Hi, Im trying to use the date and time in the log as the timestamp in elastic.
this is part of the log
12/27/19 06:46:39
this is the grok and the date filter to use the log date and time to use in the timestamp
grok{
match => {"message" => "%{DATA:date} %{TIME:time}"}
}
date {
match => ["date time", "MM/dd/yy HH:mm:ss"]
target => "@timestamp"
}
how can I achieve this?
Use mutate+add_field with sprintf references to combine date and time into a single field, or else use the pattern definitions option on the grok filter to define a pattern that combines "%{DATE} %{TIME}".
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.