I am parsing logs in the format
2017-04-03 05:48:16,129....
I am parsing this using grok as
match => {"message" => "%{TIMESTAMP_ISO8601:timestamp},.*\|%{DATA:logLevel}\|.*\|.*\|.*\|.*\|.*\|%{DATA:service}\|.*\|.*\|.*\|%{DATA:successMsg} :%{USERNAME:loginUser}"}
After this I am applying date filter to get timestamp value as -
date {
match => [ "timestamp", "yyyy-mm-dd HH:mm:ss" ]
target => "timestamp"
}
The value I receive in elastic is offset by 3 months.
i.e. 2017-04-03 05:48:16 is converted to January 3rd 2017, 05:48:16
All other fields are fine. Where am I going wrong?
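
As an added example (not part of the original post, and not Logstash or Joda-Time code), this simplified Python model of the Joda-style pattern letters used by the date filter shows why the posted pattern lands in January: lower-case `mm` is minute of hour and upper-case `MM` is month of year. The `parse` helper and its defaults are assumptions for illustration; keeping the later value of a repeated field is assumed because it matches the output reported above.

```python
import re
from datetime import datetime

# Simplified model of the pattern letters that appear in this post.
TOKENS = {
    "yyyy": ("year", 4),
    "MM": ("month", 2),    # upper case: month of year
    "dd": ("day", 2),
    "HH": ("hour", 2),
    "mm": ("minute", 2),   # lower case: minute of hour
    "ss": ("second", 2),
}
TOKEN_RE = re.compile("|".join(TOKENS))  # case-sensitive on purpose

def parse(pattern: str, text: str) -> datetime:
    """Parse text with pattern; fields the pattern never sets keep defaults."""
    # A month that is never parsed stays at 1 (January).
    fields = {"year": 1970, "month": 1, "day": 1,
              "hour": 0, "minute": 0, "second": 0}
    p = t = 0  # cursors into pattern and text
    while p < len(pattern):
        m = TOKEN_RE.match(pattern, p)
        if m:
            name, width = TOKENS[m.group()]
            chunk = text[t:t + width]
            if len(chunk) != width or not chunk.isdigit():
                raise ValueError(f"expected {width} digits for {name} at {t}")
            fields[name] = int(chunk)  # repeated field: later value wins (assumed)
            p, t = m.end(), t + width
        else:
            if text[t:t + 1] != pattern[p]:
                raise ValueError(f"expected {pattern[p]!r} at {t}")
            p, t = p + 1, t + 1
    if t != len(text):
        raise ValueError("unparsed trailing text")
    return datetime(**fields)

SAMPLE = "2017-04-03 05:48:16"          # timestamp from the post
POSTED = "yyyy-mm-dd HH:mm:ss"          # pattern as posted
WITH_MONTH = "yyyy-MM-dd HH:mm:ss"      # same pattern with month-of-year

if __name__ == "__main__":
    print("posted pattern:", parse(POSTED, SAMPLE).isoformat())
    print("with MM       :", parse(WITH_MONTH, SAMPLE).isoformat())
```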