match logstash correct date format

Question

I have some logs files with the following timestamp format : 2014-04-22 16:08:22,455

I would like to know which is the correct config filter to parse it.

I have the following pattern:

DATE (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})

This is my grok filter:

grok {
  patterns_dir => "./patterns"
  match => ["message", "%{DATE:date}"]  
}

But then I don't know what to put in the filter date, I know that it's not

date {
  match => ["date","YYYY-MM-dd HH:mm:ss"]
}

Thanks in advance for your help.

Krešimir Nesek Krešimir Nesek · Accepted Answer · 2014-04-22T20:44:43

If your grok works correctly (e.g. you get the "date" field with the contents of your log date correctly groked (parsed) in the output, then this should work:

date {
    match => [ "date" , "yyyy-MM-dd HH:mm:ss,SSS" ]
}

match logstash correct date format

1 Answers