I have log output with the following messages:
[event] 02/05 09:20:01.8 PM message description
[event] 10/26 09:42:27.0 AM message description
How can I use grok to get the date and time in the above format?
The date is 02/05, i.e. mm/dd. The year is not defined but is not important as I know it's 2020, so there is no need to define it.
The time is as in the above example and can be PM or AM.
How can I grab the date and time in Logstash using grok?
I have tried:
%{TIME:timestamp} %{GREEDYDATA:Description}
But this captures the timestamp only as 09:20:01.8 and does not include the PM. It would be good if it converted it to 24-hour.
You can define a custom pattern to match the entire date/time:
grok {
  # MYTIME matches the month/day, the time and the AM/PM marker as one value
  pattern_definitions => { "MYTIME" => "%{MONTHNUM}/%{MONTHDAY} %{TIME} [AP]M" }
  match => { "message" => "%{MYTIME:timestamp}" }
}
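A fuller filter for the two sample lines, as an added example that is not part of the answer above: it reuses the MYTIME pattern, anchors on the `[event]` prefix, and passes the captured string to the date filter, which covers the 24-hour conversion the question asks about. The date format string, the `locale` setting and the `_dateparsefailure` check are assumptions of this example; the field names come from the question.

```logstash
filter {
  grok {
    # Custom pattern from the answer: mm/dd, time with fractional seconds, AM/PM
    pattern_definitions => { "MYTIME" => "%{MONTHNUM}/%{MONTHDAY} %{TIME} [AP]M" }
    # Anchor on the literal "[event]" prefix so unrelated lines fail the match
    # and are tagged _grokparsefailure instead of being half-parsed
    match => { "message" => "^\[event\] %{MYTIME:timestamp} %{GREEDYDATA:Description}" }
  }

  date {
    # hh = 12-hour clock hour, S = fraction of a second, a = AM/PM marker.
    # The parsed value is stored in @timestamp as ISO8601 (24-hour, UTC).
    match  => [ "timestamp", "MM/dd hh:mm:ss.S a" ]
    # Parse AM/PM with an English locale regardless of the host's locale
    locale => "en"
    target => "@timestamp"
  }

  # Events whose timestamp string did not parse keep their ingest time in
  # @timestamp; the date filter tags them so they can be reviewed separately
  if "_dateparsefailure" in [tags] {
    mutate { add_field => { "timestamp_status" => "unparsed" } }
  }
}
```

Because the log lines carry no year, the date filter fills it in from the current date, so 2020 logs replayed in a later year need the year prepended to `timestamp` (and `yyyy` added to the format) before the date filter runs.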