Using grok filter show log timestamp in time

Dear Team,

Kindly help me with how to do this.

{
"_index": "env-2020.03.09",
"_type": "_doc",
"_id": "dsfhdsj2e630",
"_version": 1,
"_score": null,
"_source": {
"type": "Monitor Logs",
"host": "efjf4323",
"message": "2020-03-08 08:55:12,415 localq-stats-0 INFO [c.a.j.c.distribution.localq.LocalQCacheManager] ",
"@timestamp": "2020-03-09T10:28:56.460Z",
"@version": "1"

},
"fields": {
"@timestamp": [
"2020-03-09T10:28:56.460Z"
]
},
"sort": [
1583749736460
]
}

Hello,

Can you be more explicit on your request? What exactly do you need to extract with a grok filter?

Dear Marius_Dragomir,

I am trying to extract MY LOG Timestamp to Logstash Timestamp.

######################################################################
Message : "message": "2020-03-08 08:55:12,415 localq-stats-0 INFO [http-nio-8080-exec-25] loggingFilter - Recieved 'GET' request from user
'anonymousUser' accessing from '172.115.133.50' url:'http://www.mercurycards.com/gateway/platform-services/api/v1/maintenance/isMa-intenanceActive'

######################################################################

I need to extract the timestamp from the above message and use it to replace the Logstash timestamp.

I am passing parameters in .conf file like this

input {
    # File paths must be absolute
    file {
        path => "/etc/monitor*.log"
        type => "Monitor Logs"
        add_field => { "project" => "estro" }

        # Read existing files from the first line rather than tailing new data only.
        start_position => "beginning"
        # NOTE(review): "/dev/opt" is not a standard device path; "/dev/null" is the
        # usual value when read positions should not be persisted. Confirm which is intended.
        sincedb_path => "/dev/opt"

        # Any line that does not start with a timestamp is appended to the previous
        # event, so every assembled event begins with its own timestamp.
        codec => multiline {
            pattern => "^%{TIMESTAMP_ISO8601}"
            negate => true
            what => "previous"
        }
    }
}

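filter {
  # Capture the leading application timestamp (e.g. "2020-03-08 08:55:12,415")
  # into a named field. An unnamed %{TIMESTAMP_ISO8601} matches but stores
  # nothing, so the date filter would have no field to parse.
  grok {
    match => { "message" => "^%{TIMESTAMP_ISO8601:log_timestamp}" }
  }

  # Parse the captured string and write it to @timestamp, so events are indexed
  # at the time the application logged them rather than the time Logstash read
  # the file. The date filter expects a source field name and a date format,
  # not a regular expression.
  # Events that fail to parse keep the ingest time and are tagged
  # _dateparsefailure; watching for that tag catches silently wrong timestamps.
  date {
    match => ["log_timestamp", "yyyy-MM-dd HH:mm:ss,SSS"]
    target => "@timestamp"
    # NOTE(review): kept from the original config. Set this to the zone the
    # application writes its logs in if that is not UTC, otherwise events will
    # be shifted when correlated with other sources.
    timezone => "UTC"
  }
}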

output {
    # Send events to the local Elasticsearch node, into the "estros" index.
    # NOTE(review): no credentials or TLS settings are given here. That only works
    # if security is disabled on the cluster; otherwise the output needs
    # user/password and TLS options.
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "estros"
    }

    # Uncomment to print each parsed event while debugging the filters.
    #stdout{codec=> rubydebug }
}
