Hello

I am getting _dateparsefailure

This is my actual log:

"message": "protocol=6, source-ip=192.168.1.81, source-port=64737, destination-ip=1.1.1.1, destination-port=443, time=2016/06/15 10:34:17, interzone-trust(public)-dmz(public) outbound, policy=0.
"

This is the content of logstash.log

{:timestamp=>"2016-06-15T10:42:11.903000+0300", :message=>"Failed parsing date from field", :field=>"timestamp", :value=>"2016-06-15 07:39:54", :exception=>"Invalid format: "2016-06-15 07:39:54" is too short", :config_parsers=>"MMM d HH:mm:ss,MMM dd HH:mm:ss,ISO8601", :config_locale=>"default=en_US", :level=>:warn}

And this is my filter conf

grok
{
match => ["message","(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME})"]
}
date {
match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
target => "timestamp"
}

I wonder why the "config_parsers=>" shows "MMM d HH:mm:ss,MMM dd HH:mm:ss,ISO8601" in the logstash.log even after restarting logstash which supposed to be "yyyy-MM-dd HH:mm:ss"?

What would be the correct parser to resolve the error?

Regards
Sumesh MS

I wonder why the "config_parsers=>" shows "MMM d HH:mm:ss,MMM dd HH:mm:ss,ISO8601" in the logstash.log even after restarting logstash which supposed to be "yyyy-MM-dd HH:mm:ss"?

Did you ever have the pattern set to "MMM d HH:mm:ss,MMM dd HH:mm:ss,ISO8601"?

No, I haven't set the pattern anywhere in logstash config files . In fact am having fresh filter config .

Regards
Sumesh

Any other options to find out?

Regards
Sumesh