+1Hey Everyone,
Have anyone handled Julian time format in parsers? I has “day of the year” and I am not sure how to handle this?
Julian Time format - 202528209:12:13
Description of the time: 2025(year)282(day of the year)09:12:13(time)
Let me know if anyone has handled this previously in parsers? or it is possible to handle or not?
Thank you,
+8This is possible.
You need to use the date filter plugin. First, grok the string 202528209:12:13 into a temporary field, then use the date filter to parse it with the specific format pattern yyyyDDDHH:mm:ss
filter {
grok {
match => { "message" => "^%{DATA:log_timestamp} %{GREEDYDATA:rest_of_message}" }
}
if [log_timestamp] {
date {
match => [ "log_timestamp", "yyyyDDDHH:mm:ss" ]
target => "event.idm.read_only_udm.metadata.event_timestamp"
on_error => "date_parse_failure"
}
}
}You will find the date function listed under the section "Transform data using other functions”:
Parser syntax reference | Google Security Operations | Google Cloud Documentation
+1Hi,
I have already tried this yyyyDDDHH:mm:ss pattern but it is not working. “DDD” is not working for “day of year”.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.