UltraMekon
Reputation: 1
Convert HTTPDATE timestamp to correct format in Graylog
I have Squid writing logs with a timestamp as dd/MMM/yyyy:HH:mm:ss ZZZZ
"27/Jul/2022:11:55:40 +0100"
I'm sending these logs into Graylog using Filebeat, then parsing the timestamp into individual fields using HTTPDATE in a Grok extractor, so I can get separate Month, Monthday, Year etc fields.
I need to replace the "message received" @timestamp field with the actual "event occurred" timestamp when the event is indexed in Elasticsearch.
How can I convert the Squid timestamp from HTTPDATE into yyyy-MM-dd HH:mm:ss format?
"2022-07-27 11:55:40"
Thanks
EDIT:
Actually I think I have this now. In case it helps anyone else, this was done with a Regex Replacement Extractor:
Upvotes: 0
Views: 359
Answers (1)
Related Questions
- How to parse timestamp as date in opensearch?
- Override @timestamp to get correct correct %{+yyyy.MM.dd} in index name
- failed to parse timestamp elasticsearch
- Date pattern doesn't work as expected in logstash
- Extract timestamp from log message
- Convert timestamp to date for filtering
- convert unix timestamp to datetime in elasticsearch
- How to parse date in elasticsearch 5.x and Filebeat
- Elasticsearch date format
- Logstash change time format