Date filter question - what happens if two formats match?

GordonM · June 28, 2015, 3:13pm

If date {} ‘s match method is used, and multiple formats are supplied to match against, what happens if more than one format matches? Does it just use the first match made, the last match made, or something else?

date {
match => [ "timestamp", "format1", "format2" ]
}

(Both format 1 and format 2 match.)

magnusbaeck · June 28, 2015, 8:21pm

The patterns are tried in order and the first match wins.

github.com

logstash-plugins/logstash-filter-date/blob/v1.0.0/lib/logstash/filters/date.rb#L221-L232


fieldparsers.each do |parserconfig|
  parserconfig[:parser].each do |parser|
    begin
      epochmillis = parser.call(value)
      success = true
      break # success
    rescue StandardError, JavaException => e
      last_exception = e
    end
  end # parserconfig[:parser].each
  break if success
end # fieldparsers.each

GordonM · June 28, 2015, 11:24pm

Thank you, and especially for taking the time to get the code showing it.

Topic		Replies	Views
Best way to handle different date formats? Logstash	3	1452	January 3, 2019
Multiple Date formats in one file Logstash	4	2512	June 20, 2017
Logstash - Filtering multiple date formats - date_time_parse_exception Logstash	1	461	November 12, 2019
How to handle multiple match in logstash filter Logstash	6	9970	September 8, 2017
Logstash Two Different Date Format Logstash	4	335	March 17, 2020

Date filter question - what happens if two formats match?

Related topics