Date filter for logstash seems to change date to older value

raazeev64 · April 3, 2017, 10:26am

I am parsing logs in the format

2017-04-03 05:48:16,129....

I am parsing this using grok as

match => {"message" => "%{TIMESTAMP_ISO8601:timestamp},.*\|%{DATA:logLevel}\|.*\|.*\|.*\|.*\|.*\|%{DATA:service}\|.*\|.*\|.*\|%{DATA:successMsg} :%{USERNAME:loginUser}"}

After this I am applying date filter to get timestamp value as -

    date {
    							match => [ "timestamp", "yyyy-mm-dd HH:mm:ss" ]
    							target => "timestamp"
    						}

The value I receive in elastic is offset by 3 months.
ie - 2017-04-03 05:48:16 is coverted to January 3rd 2017, 05:48:16

All other fields are fine. Where am I going wrong?

magnusbaeck · April 3, 2017, 11:09am

Use "MM" for the month, not "mm".

raazeev64 · April 3, 2017, 1:06pm

Thank you so much!!
Had been hunting down the logs and config files.

Thanks again.

system · May 1, 2017, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date filter issues Logstash	3	485	July 6, 2017
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27377	July 6, 2017
_dateparsefailure again Logstash	3	1148	June 27, 2017
Dealing with string date Logstash	5	262	March 25, 2020
Date filter dateparsefailure Logstash	2	297	February 7, 2020

Date filter for logstash seems to change date to older value

Related topics