I have a log file which has date in following format
"respHdr":{"date":"Tue,%2008%20Jul%202014%2022:08:18%20GMT","expires":"Tue,%2008%20Jul%202014%2022:08:18%20GMT"}
How to parse the given date format using logstash Date filter?
Asked
Active
Viewed 893 times
0
Atul K.
- 352
- 1
- 6
- 16
-
Can you explain your log meaning? – Ban-Chuan Lim Aug 27 '14 at 10:01
-
You need to use grok filter fo this. Regarding the format,you can use Grok debugger(https://grokdebug.herokuapp.com/) in order to see whether your logstash grok filter is working fine or not. – Nirdesh Sharma Aug 27 '14 at 10:08
1 Answers
1
It looks like your log is in JSON format with URLEncoded values in the date field, so the first thing you need to do is add codec=>json to your input, or json { source => message }.
After you have things as events in Logstash, you'll want to decode the date fields:
urldecode { field => 'respHdr.date' }
urldecode { field => 'respHdr.expires' }
And then finally parse the dates in those fields:
date {
target => '@timestamp'
match => [ 'respHdr.date', 'WHATEVER_FORMAT_THAT_DATE_IS' ]
}
date {
target => 'expires'
match => [ 'respHdr.expires', 'WHATEVER_FORMAT_THAT_DATE_IS' ]
}
You'll need to consult logstash date documentation to figure out what format that date is.
Alcanzar
- 16,985
- 6
- 42
- 59