Date filter for logstash seems to change date to older value

raazeev64 · April 3, 2017, 10:26am

I am parsing logs in the format

2017-04-03 05:48:16,129....

I am parsing this using grok as

match => {"message" => "%{TIMESTAMP_ISO8601:timestamp},.*\|%{DATA:logLevel}\|.*\|.*\|.*\|.*\|.*\|%{DATA:service}\|.*\|.*\|.*\|%{DATA:successMsg} :%{USERNAME:loginUser}"}

After this I am applying date filter to get timestamp value as -

    date {
    							match => [ "timestamp", "yyyy-mm-dd HH:mm:ss" ]
    							target => "timestamp"
    						}

The value I receive in elastic is offset by 3 months.
ie - 2017-04-03 05:48:16 is coverted to January 3rd 2017, 05:48:16

All other fields are fine. Where am I going wrong?

magnusbaeck · April 3, 2017, 11:09am

Use "MM" for the month, not "mm".

raazeev64 · April 3, 2017, 1:06pm

Thank you so much!!
Had been hunting down the logs and config files.

Thanks again.

system · May 1, 2017, 1:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.