AM to PM timestamp conversion not working as expected


(Ashok Nair) #1

Following is my input data stream:
<Dec 16, 2017 10:21:07 PM> <Starting WebLogic server with command line: /pmck2o/admin/user_projects/ohsdomain/bin/startWebLogic.sh >

I am using this filter in logstash:
grok{
match=>{"message"=>"<%{DATA:timestamp}> <%{DATA:error_type}> <%{DATA:java_class}> <%{GREEDYDATA:description}>"}
}

date {
match => ["timestamp", "MMM d, yyyy H:m:s a"]
target => "@timestamp"
}

Following is the issue we are facing with the data in kibana:
We are hoping to get the timestamp as it is converted into AM or PM depending on the incoming data.

For example:<Dec 16, 2017 10:21:07 PM> should be interpreted as December 16th 2017, 22:21:07.000 in the @timestamp field in kibana. However, it getting interpreted as December 16th 2017, 10:21:07.000

I would appreciate it if someone can point me to what I am doing wrong in the logstash conf file.

I am currently using ELK 5.2.


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.