I am trying to learn about grok patterns. When I use "%{DATESTAMP:transtype}" the following "07/04/2016 22:56:00"| date is read. Although when i use "%{DATESTAMP:transtype}|"(i.e with a pipe) the date return is null.
Due to this I am having problems reading data after the pipe because it all turns to null. Kindly help.
Aucun commentaire:
Enregistrer un commentaire