This site helps with the date/time formats used: http://joda-time.sourceforge.net/apidocs/org/joda/time/format/DateTimeFormat.html This is a useful site for debugging grok expressions: http://grokdebug.herokuapp.com/