Date filter for minor changes in format

userR · August 14, 2019, 8:17pm

Mar 3, 2019 9:40:30,734 PM
Mar 11, 2019 11:20:10,114 PM

I have to parse logs with the following formats. The first date does not have a 0 in front of the 3. This also applies to the hours portion. I am unsure how I would use the date filter for both formats.

This is my current date config. Will it have trouble reading from days and hours in the single digits?

date {
      match => ["logdate", "MMM dd, YYYY KK:mm:ss,SSS a"]
      target => "logdate"
    }

Badger · August 14, 2019, 9:26pm

When the day is a single digit is there one space or two between it and the month?Similarly for the hour.

userR · August 14, 2019, 9:40pm

Just one space

Badger · August 14, 2019, 10:22pm

OK, then "MMM dd, YYYY KK:mm:ss,SSS a" will parse both.

userR · August 19, 2019, 9:07pm

Was recently able to try this. Was unable to select "logdate" as my timestamp when I was creating the kibana index. I assume its unable to recognize logdate as an actual date stamp.

system · September 16, 2019, 9:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Date Filter not working on Kibana Logstash	10	893	September 18, 2020
Date filter for logstash Logstash	5	437	March 19, 2018
Kibana not recognizing logstash date filter Logstash	2	299	September 17, 2019
Date filter not working with json log Logstash	3	1501	January 4, 2019
Logstash date filter parsing date Logstash	5	348	July 30, 2019

Date filter for minor changes in format

Related topics