I have Squid writing logs with a timestamp as dd/MMM/yyyy:HH:mm:ss ZZZZ
"27/Jul/2022:11:55:40 +0100"
I'm sending these logs into Graylog using Filebeat, then parsing the timestamp into individual fields using HTTPDATE in a Grok extractor, so I can get separate Month, Monthday, Year etc fields.
I need to replace the "message received" @timestamp field with the actual "event occurred" timestamp when the event is indexed in Elasticsearch.
How can I convert the Squid timestamp from HTTPDATE into yyyy-MM-dd HH:mm:ss format?
"2022-07-27 11:55:40"
Thanks
EDIT:
Actually I think I have this now. In case it helps anyone else, this was done with a Regex Replacement Extractor:
This is an excellent question for the community. Try it there.