Using %{MONTHDAY:MONTHDAY}-%{MONTH:MONTH}-%{YEAR:YEAR} %{HOUR:HOUR}:%{MINUTE:MINUTE}

Burga · June 11, 2020, 9:14am

Hi ,

in my grok I'm parsing date column :

match => { "message" => "%{MONTHDAY:MONTHDAY}-%{MONTH:MONTH}-%{YEAR:YEAR} %{HOUR:HOUR}:%{MINUTE:MINUTE}:%{SECOND:SECOND}%{SPACE} %{DATA:loglevel}%{SPACE} \[%{DATA:thread}\]%{GREEDYDATA:message}"}

mutate {
        add_field =>
      {
          "date_created" => "%{MONTHDAY}/%{MONTH}/%{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}"
      }
      }

and instead of getting the message date from the log , I'm getting the creation date in the output file :

 "date_created" => 2020-06-11T08:26:09.707Z,
       "@metadata" => {
             "index" => "catal_log",
              "beat" => "filebeat",
        "ip_address" => "192.168.141.222",
           "version" => "6.8.10",
              "type" => "doc"
    },
      "prospector" => {
        "type" => "log"
    },

Can you please give me a clue what is wrong ?

Best Regards.

Jenni · June 11, 2020, 11:46am

When you post the configuration and the output, it would make sense to post the input data as well. Otherwise that's pretty difficult to debug, isn't it? And maybe more of the Logstash configuration would be helpful too because right now I don't understand where that date_created as a Timestamp object in your output is coming from.

system · July 9, 2020, 11:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.