Date match issue in logstash filter

whyapenny · March 21, 2017, 6:14pm

"Tue Mar 21 2017 11:55:00 GMT-0400 (EDT)"

Could use a little help figuring out what I have wrong:
date{
match => [ "[ENTRY][Timestamp]", "YYYY-MM-dd HH:mm:ss.SSS Z", "ISO8601", "EEE MMM dd yyyy HH:mm:ss z", "EEE MMM dd yyyy HH:mm:ss Z" ]
}

:exception=>"Invalid format: "Tue Mar 21 2017 12:01:45 GMT-0400 (EDT)" is malformed at "GMT-0400 (EDT)"", :config_parsers=>"YYYY-MM-dd HH:mm:ss.SSS Z,ISO8601,EEE MMM dd yyyy HH:mm:ss z,EEE MMM dd yyyy HH:mm:ss Z", :config_locale=>"default=en_US", :level=>:warn}

dannygoulder · March 21, 2017, 6:54pm

https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html

Try
"EEE MMM dd yyyy HH:mm:ss 'GMT'Z '(EDT)'"

Although you might wish to mutate the field to get rid of the 'GMT' and trailing timezone TLA (since Logstash can't parse these).

Topic		Replies	Views
Unable to match DateTime Format in Logstash filter Logstash	1	281	January 15, 2019
Problem with Logstash date parse Logstash	3	1522	August 30, 2019
[FATAL] 2018-05-04 16:06:38.656 [LogStash::Runner] runner - The given configuration is invalid. Reason: Illegal pattern component: T when trying to parse date Logstash	4	1446	June 1, 2018
Problems parsing time in logstash with date filter Logstash	2	2229	January 26, 2018
Is Z in input time valid for Z in Logstash date filter? Logstash	2	2063	April 21, 2018

Date match issue in logstash filter

Related topics