Another EPOCH time dateparse failure

guruprasadh4 · November 8, 2017, 3:14pm

Sample Log file-
IDENTIFIER TIMESTAMP T C RESOURCE_NAME DESCRIPTION
C6E26F3B 1002042417 I H hdisk111 BACK-UP PATH STATUS CHANGE
C6E26F3B 1002042417 I H hdisk103 BACK-UP PATH STATUS CHANGE

Logstash config file-
input {
file {
path => "/home/elkuser/KP/LogData/errpt/server_lun_info1.log"
start_position => "beginning"
sincedb_path => "/dev/null"
codec => multiline {
pattern => "^\A%{HOSTNAME:IDENTIFIER}%{SPACE}%{NUMBER:TIMESTAMP}"
negate => "true"
what => "previous"
max_lines => 1000
}
}
}
filter
{
grok { match => [ "message", "\A%{HOSTNAME:IDENTIFIER}%{SPACE}+%{NUMBER:TIMESTAMP}%{SPACE}+%{PROG:T}%{SPACE}+%{PROG:C}%{SPACE}+%{PROG:TIMESTAMP}%{SPACE}+%{GREEDYDATA:DESCRIPTION}" ]
overwrite => [ "message" ]
}
mutate {
convert => {"TIMESTAMP" => "integer"}
}
date{ match => [ "TIMESTAMP", "UNIX" ]
target => "TIMESTAMP"
}
}
output {
elasticsearch {
hosts => "9.109.184.72:9200"
index => "kp-epims-errpt"
template_overwrite => true
}
stdout {
codec => rubydebug
}
}

Error Message:

   "path" => "/home/elkuser/KP/LogData/errpt/server_lun_info1.log",
 "@timestamp" => 2017-11-08T15:02:13.012Z,
          "C" => "S",
          "T" => "T",
"DESCRIPTION" => "SOFTWARE PROGRAM ERROR",
  "TIMESTAMP" => [
    [0] 1001234217,
    [1] 0
],
   "@version" => "1",
       "host" => "analyticslab72.in.ibm.com",
 "IDENTIFIER" => "DC73C03A",
    "message" => "DC73C03A   1001234217 T S fscsi2         SOFTWARE PROGRAM ERROR",
       "tags" => [
    [0] "_dateparsefailure"
]

}
{
"path" => "/home/elkuser/KP/LogData/errpt/server_lun_info1.log",
"@timestamp" => 2017-11-08T15:02:13.012Z,
"C" => "S",
"T" => "T",
"DESCRIPTION" => "SOFTWARE PROGRAM ERROR",
"TIMESTAMP" => [
[0] 1001234217,
[1] 0
],
"@version" => "1",
"host" => "analyticslab72.in.ibm.com",
"IDENTIFIER" => "DC73C03A",
"message" => "DC73C03A 1001234217 T S fscsi2 SOFTWARE PROGRAM ERROR",
"tags" => [
[0] "_dateparsefailure"

Please review and let me know further.

Thanks!

guruprasadh4 · November 8, 2017, 6:48pm

Well never mind, this one I was able to fix.
Thanks!

system · December 6, 2017, 6:48pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date parse failure and date formatter issue Logstash	11	2545	December 7, 2017
Another one _dateparsefailure error Logstash	3	594	February 23, 2017
Date parse failure message strange behavior Logstash	3	476	February 3, 2020
Dataparsefailure problem Logstash	3	346	May 23, 2018
Logstash _dateparsefailure error Logstash	6	17316	July 6, 2017

Another EPOCH time dateparse failure

Related topics