When I convert start_time : string to date it does not work

angham · April 15, 2019, 4:07pm

help plz
when I convert start_time : string to date it does not work

this is date in the log file : 2019-04-15 15:49:02,988
filter{
grok { match => [ "message", "%{TIMESTAMP_ISO8601:start_time}\s%{LOGLEVEL:level} [%{JAVACLASS:class}]\s(%{GREEDYDATA:thread}) HHH000117: HQL: %{GREEDYDATA:[@metadata][text]}" ]}

date {
target => 'start_time'
match => ["start_time", "yyyy-mm-dd hh:mm:ss,z"] }
}

whyy !!!

Badger · April 15, 2019, 4:37pm

Try

    date {
        target => 'start_time'
        match => ["start_time", "YYYY-MM-dd HH:mm:ss,SSS"]
    }

system · May 13, 2019, 4:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.