_dateparsefailure

Lucifer_hbp · December 23, 2016, 8:17am

Hi,
How to write grok match for following date in logstash:
20161219T003209.939-05:00

I have tried following but it is giving "_dateparsefailure:"

date{
match => [ "timestamp" , "yyyyMMddHHmmss.SSSZ" ]
}

Any help please!!!

jsvd · December 23, 2016, 5:53pm

your format has T in the middle, so you need this instead:

filter { date { match => [ "message" , "yyyyMMdd'T'HHmmss.SSSZ" ] } }

Lucifer_hbp · January 2, 2017, 12:52pm

Sry for the delayed reply, this pattern worked

Thanks alot !!

system · January 30, 2017, 12:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.