I have a logfile with timestamp as follows Tue, 18 Jul 2017 02:39:45 GMT
What can be the Gork pattern for this I have tried: %{DATESTAMP_RFC2822: timestamp}
But it says not matched in http://grokconstructor.appspot.com/do/match
You have to use a custom pattern for this:
(?<date>%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{HOUR}:%{MINUTE}:%{SECOND} GMT)
This will match the entire string you provided in a single field called date. Note tough that there is no pattern for the GMT timezone so you either hardcode it, or create a custom pattern yourself there.