07-03-2018 09:06 AM
@Vijay Radha There is an error in your grok parser: end_time is returned blank, so I had to change it to GREEDYDATA: %{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{GREEDYDATA:end_time}. The dateFormat field seems to take only one date format, so we cannot use multiple date format definitions. Removing end_time from the timeFields, you can ingest the data.
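As an added illustration, not code from the post or from the parser project: a Python emulation of the grok pattern above and of a single dateFormat applied to every field in timeFields. CUS_TIME_FORMAT is not defined on the page, so the "YYYY-MM-DD HH:MM:SS" form below is an assumption, and the sample line is constructed.

```python
import re
from datetime import datetime, timezone

# Regex equivalents of the grok patterns named in the post. CUS_TIME_FORMAT is
# not defined on the page; the "YYYY-MM-DD HH:MM:SS" form here is an assumption.
GROK = {
    "CUS_TIME_FORMAT": r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "GREEDYDATA": r".*",
}
PATTERN = "%{CUS_TIME_FORMAT:start_time} %{IP:ip_src_addr} %{GREEDYDATA:end_time}"


def compile_grok(pattern):
    """Expand each %{NAME:field} reference into a named regex group."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        return f"(?P<{field}>{GROK[name]})"
    return re.compile("^" + re.sub(r"%\{(\w+):(\w+)\}", expand, pattern) + "$")


def parse_line(line, pattern=PATTERN):
    """Return the extracted field dict for a matching line, or None."""
    m = compile_grok(pattern).match(line)
    return m.groupdict() if m else None


def apply_time_fields(record, time_fields, date_format):
    """Emulate one dateFormat applied to every field listed in timeFields.

    Each listed field is converted to epoch milliseconds (UTC assumed); a field
    whose value does not match the single format is reported, not silently kept.
    """
    out, errors = dict(record), []
    for field in time_fields:
        try:
            dt = datetime.strptime(record[field], date_format)
            out[field] = int(dt.replace(tzinfo=timezone.utc).timestamp() * 1000)
        except (KeyError, ValueError) as exc:
            errors.append(f"{field}: {exc}")
    return out, errors


# Constructed sample line: start_time and end_time use different formats,
# which is exactly the case a single dateFormat cannot cover.
SAMPLE = "2018-07-03 09:06:00 192.0.2.10 03/07/2018 09:10"
FORMAT = "%Y-%m-%d %H:%M:%S"

if __name__ == "__main__":
    rec = parse_line(SAMPLE)
    print(apply_time_fields(rec, ["start_time", "end_time"], FORMAT))
    print(apply_time_fields(rec, ["start_time"], FORMAT))
```

With both fields in timeFields the record carries an end_time error; with end_time dropped from timeFields, start_time converts and the record goes through, matching the workaround in the post.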