I have an issue with _dateparsefailure
#example from CSV FirstNotifiedAt 31/03/2018 23:58:00
match => ["FirstNotifiedAt", "dd/MM/yyyy HH:mm:ss"]
target => "@timestamp"
The @timestamp in Kibana is still showing the time the CSV was imported and not the "FirstNotifiedAt" time that I'm looking for.
Any help appreciated
In the final event that was exported to Elasticsearch, what is the value of the
FirstNotifiedAt field? I'm not seeing anything obvious from your pattern and the string you pasted in the comment above it
I'm looking in Kibana in the JSON output
"LastNotifiedAt": "02/01/2018 06:25",
If thats what you mean?
Okay, that's the
LastNotifiedAt field. What about
Sorry pasted in the wrong one....although it's the same format.
"FirstNotifiedAt": "01/01/2018 12:22",
The timestamp doesn't include seconds but your date pattern does.
removing the :ss worked. Sort of.
I think this is an issue in the way the csv is produced.
It's a little peculiar as the csv shows the FirstNotifiedAt as a 'custom' format in excel. It is formatted 31/03/2018 23:56:00
- There is a double space between date and time
- There is a :ss
I haven't changed the csv (the export from the software needs to be automated and altering the csv format is a non starter)...losing the :ss isn't critical for my purposes so I guess I'm happy.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.