Date match issue in logstash filter

whyapenny · March 21, 2017, 6:14pm

"Tue Mar 21 2017 11:55:00 GMT-0400 (EDT)"

Could use a little help figuring out what I have wrong:
date{
match => [ "[ENTRY][Timestamp]", "YYYY-MM-dd HH:mm:ss.SSS Z", "ISO8601", "EEE MMM dd yyyy HH:mm:ss z", "EEE MMM dd yyyy HH:mm:ss Z" ]
}

:exception=>"Invalid format: "Tue Mar 21 2017 12:01:45 GMT-0400 (EDT)" is malformed at "GMT-0400 (EDT)"", :config_parsers=>"YYYY-MM-dd HH:mm:ss.SSS Z,ISO8601,EEE MMM dd yyyy HH:mm:ss z,EEE MMM dd yyyy HH:mm:ss Z", :config_locale=>"default=en_US", :level=>:warn}

dannygoulder · March 21, 2017, 6:54pm

https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html

Try
"EEE MMM dd yyyy HH:mm:ss 'GMT'Z '(EDT)'"

Although you might wish to mutate the field to get rid of the 'GMT' and trailing timezone TLA (since Logstash can't parse these).

system · April 18, 2017, 6:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue with date format Logstash	8	1276	December 25, 2019
Unable to match DateTime Format in Logstash filter Logstash	1	268	January 15, 2019
Help with match date 2019-12-04 06:34:33.850000+00:00 Logstash	8	621	January 7, 2020
Logstash-filter-date issue Logstash	1	278	January 4, 2019
Problem Parsing Date field Logstash	5	293	July 30, 2019

Date match issue in logstash filter

Related Topics