rayarnav
New Contributor

Re: grok Pattern for two date format

by New Contributor in Support Questions
‎07-03-2018 09:06 AM
‎07-03-2018 09:06 AM
@Vijay Radha There is an error on your grok parser end_time is returned blank, I had to change it to GREEDYDATA. %{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{GREEDYDATA:end_time} the dateFormat field seems to take only one date format so we can not use multiple date format definitions. Removing the end_time from the timeFields you can ingest the data. ... View more

Re: Metron Grok parser error on date field

by New Contributor in Support Questions
‎06-28-2018 04:28 AM
‎06-28-2018 04:28 AM
@Bob Van Haute There is an error in the syntax. The correct parser should have quoted timestamp not the brackets. Here is the correct one. "parserConfig": { "grokPath": "/apps/metron/patterns/accesslog", "patternLabel": "ACCESSLOG", "timestampField": "timestamp", "timeFields": ["timestamp"], "dateFormat": "dd/MMM/yyyy:HH:mm:ss Z" }. ... View more
Contact Me
Online
Offline
Last Visited
‎12-21-2018 05:21 AM
Public Statistics
Date Registered ‎06-27-2018 01:53 PM
Last Visited ‎12-21-2018 05:21 AM
Total Messages Posted 3