Nagesh
Reputation: 1
How to parse the date using Date Filter
My log message as below
2016-04-04T12:51:01.05-0500 [App/0] OUT [INFO ] SRVE0250I: Web Module DataWorks has been bound to default_host.
Can someone guide me to write date filter to parse the date in the above message? I also need to convert the date to UTC format after that.
Upvotes: 0
Views: 1751
Answers (1)
Кирилл Полищук
Reputation: 845
As I can see you are using standard ISO8601 date format. You can use following logstash config:
filter {
grok {
match => ["message", "%{TIMESTAMP_ISO8601:timestamp} %{GREEDYDATA:another}"]
}
date {
match => [ "timestamp", "ISO8601" ]
}
}
this will grok your date to timestamp field, and then parse date to UTC to @timestamp field. Read more here:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
Upvotes: 2
Related Questions
- Ignore and move to next pattern if log contains a specific word
- Logstash Grok filter for uwsgi logs
- Logstash Grok - How to parse @timestamp field using HTTPDERROR_DATE pattern?
- Hard to stash a log file with different occurrence of order for a field using Logstash
- grok pattern to parse the logs using logstash
- What should be the logstash grok filter for this log4j log?
- How to format date in Filter in Logstash
- How to format date in Logstash Configuration