__dateparsefailure trying match date

SamuelF · September 15, 2017, 8:39pm

Hi,

I'm trying to match timestamp from log file and i have an _dateparsefailure

This is my grok pattern (it match) :
grok {
match => { "message" => ["\[(?<logtimestamp>%{MONTHDAY}-%{MONTH}-%{YEAR}\s+%{TIME})\] %{DATA:level}:\s?(?:\[%{DATA:pool}\])?\s?%{GREEDYDATA:infos}"] }
}

my date filter:
date {
locale => "fr"
timezone => "Europe/Paris"
match => [ "logtimestamp", "dd-MMM-yyyy HH:mm:ss" ]
}
(I already try without locale and timezone set)

an example of input:
[15-Jan-2017 16:53:35] WARNING: Too many warnings call warning owner.

And the result of :
{
"logtimestamp" => "15-Jan-2017 16:53:35",
"@timestamp" => 2017-09-15T20:20:29.133Z,
"level" => "WARNING",
"@version" => "1",
"infos" => "Too many warnings call warning owner.",
"tags" => [
[0] "_dateparsefailure"
]
}

As you see, my match fail... Do I miss something ?
Thanks for your future answers
Samuel.

magnusbaeck · September 16, 2017, 5:16am

Look in your Logstash log. The date filter will tell you more about why it's failing to parse.

system · October 14, 2017, 5:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Data parsing error - _dateparsefailure Logstash	3	2846	August 3, 2017
Completly lost with how to parse date Logstash	2	286	August 5, 2019
Date filter dateparsefailure Logstash	2	297	February 7, 2020
Unable to write matching date pattern in log stash Logstash	8	2212	July 6, 2017
Logstash _dateparsefailure error Logstash	6	17316	July 6, 2017

__dateparsefailure trying match date

Related topics