Using %{MONTHDAY:MONTHDAY}-%{MONTH:MONTH}-%{YEAR:YEAR} %{HOUR:HOUR}:%{MINUTE:MINUTE}

Burga · June 11, 2020, 9:14am

Hi ,

in my grok I'm parsing date column :

match => { "message" => "%{MONTHDAY:MONTHDAY}-%{MONTH:MONTH}-%{YEAR:YEAR} %{HOUR:HOUR}:%{MINUTE:MINUTE}:%{SECOND:SECOND}%{SPACE} %{DATA:loglevel}%{SPACE} \[%{DATA:thread}\]%{GREEDYDATA:message}"}

mutate {
        add_field =>
      {
          "date_created" => "%{MONTHDAY}/%{MONTH}/%{YEAR} %{HOUR}:%{MINUTE}:%{SECOND}"
      }
      }

and instead of getting the message date from the log , I'm getting the creation date in the output file :

 "date_created" => 2020-06-11T08:26:09.707Z,
       "@metadata" => {
             "index" => "catal_log",
              "beat" => "filebeat",
        "ip_address" => "192.168.141.222",
           "version" => "6.8.10",
              "type" => "doc"
    },
      "prospector" => {
        "type" => "log"
    },

Can you please give me a clue what is wrong ?

Best Regards.

Jenni · June 11, 2020, 11:46am

When you post the configuration and the output, it would make sense to post the input data as well. Otherwise that's pretty difficult to debug, isn't it? And maybe more of the Logstash configuration would be helpful too because right now I don't understand where that date_created as a Timestamp object in your output is coming from.

system · July 9, 2020, 11:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to parse date in grok and filters Logstash	5	617	March 2, 2021
Extract Month and Year from date field Logstash	8	5709	December 20, 2019
Problem date parsing Logstash	5	553	May 26, 2017
Parsing date field value using grok match Logstash	2	460	July 6, 2017
_dateparsefailure again Logstash	3	1148	June 27, 2017

Using %{MONTHDAY:MONTHDAY}-%{MONTH:MONTH}-%{YEAR:YEAR} %{HOUR:HOUR}:%{MINUTE:MINUTE}

Related topics