Date is not getting converted into right timezone

sachinvy · April 12, 2018, 5:16pm

Hi all,

Here is my filter

Input:

03-27-18 09:32:10,590 [2184] TRACE SFTP <> - [139C9318] msg: 2024502473 Sending SSH_MSG_KEX_31 (139 bytes, seq nr 1)

Filter:

grok{
            match => {"message" => "%{DATESTAMP:date}\,%{NUMBER:msgnum} \[%{NOTSPACE:session}\] %{LOGLEVEL:src} %{GREEDYDATA:msgdata}"}
            #overwrite => ["message"]
        }
        date {
        	match => [ "date", "mm-dd-yy hh:mm:ss"]
            locale => "en-US"
        	timezone => "America/New_York" 
            target => "@timestamp"                  	        	
      	}

Output:

   "date" => "2018-03-25 04:00:00",
        "sc-port" => 21,
     "@timestamp" => 2018-04-12T17:11:39.749Z,

As you can see date is not properly getting converted into @timestamp. Any help would be appreciated.

Thanks

sachinvy · April 12, 2018, 5:20pm

Sorry wrong output. Here is the correct output:

"@timestamp" => 2018-01-27T14:32:10.000Z,
"session" => 2184,
"date" => "03-27-18 09:32:10",

Badger · April 12, 2018, 5:36pm

That should be MM-dd-yy hh:mm:ss, or, more likely, MM-dd-yy HH:mm:ss

sachinvy · April 12, 2018, 8:53pm

You nailed it again Mr Badger. Thank you very very much.

system · May 10, 2018, 8:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.