Hi I tried to get the pattern for apache error timestamp but all failed The timestamp is used in elasticsearch is when it is indexed not the time of the error [image] e.g. [Sun Feb 05 00:32:24.992868 2017] [mpm_winnt:notice] [pid 8776:tid 168] AH00354: Child: Starting 150 worker threads., Chil…

I found the issue. It is because of the date format in the date filter I used "," instead of "." and use SSS intead of SSSSSS And in case you do not need these milli or micro seconds you can use the gsub to remove the 6 or 3 numbers after the . before you give it to the date filter -- Thanks al…

Discuss the Elastic Stack

Apache Error logs timestamp

Elastic Stack Logstash

jkuang (Jimmy Kuang) April 11, 2017, 6:21pm 4

I believe what you're asking is how to update the @timestamp to the date time your error occurred. The reason you have multiple timestamp is because you declared a timestamp variable.

Take a look at the discussion below:

Topic		Replies	Views
How to parse apache error.log Logstash	3	364	April 25, 2022
Dateparsefailure: change @timestamp to timestamp for apache php error log Logstash	11	2323	June 9, 2017
Date parsing logstash Logstash	5	183	January 30, 2024
Time mismatch @timestamp and message Logstash	12	1277	February 28, 2020
Debug code of file config to get log Logstash	2	363	July 6, 2017

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Apache Error logs timestamp

Related topics