Date parsing [5.6.2]

cperriot · October 10, 2017, 1:08pm

trying to parse:

2016-03-27 01:45:00
2016-02-20 02:15:00
2017-10-10 09:57:46

with the following config:

input {
file {
sincedb_path=>"sincedb"
path => "/xxxxxxx/export_test.txt"
start_position => "beginning"
}
}

filter {
csv {
columns => ["start"]
separator => ","
}

date {
locale => "en"
match => ["start", "YYYY-MM-dd HH:mm:ss"]
timezone => "Europe/London"
target => "@timestamp"
}

the result is :

{
"duration" => 2,
"path" => "/users/cperriot/logstash-5.6.2/bin/export_test.txt",
"@timestamp" => 2017-10-10T12:55:18.085Z,
"@version" => "1",
"host" => "xxx.fr.intranet",
"start" => "2016-03-27 01:45:00",
"message" => "2016-03-27 01:45:00\r",
"tags" => [
[0] "_dateparsefailure"
]
}
{
"duration" => 3,
"path" => "/users/cperriot/logstash-5.6.2/bin/export_test.txt",
"@timestamp" => 2016-02-20T10:15:00.000Z,
"@version" => "1",
"host" => "xxx.fr.intranet",
"start" => "2016-02-20 10:15:00",
"message" => "2016-02-20 10:15:00\r",
"status" => "16"
}
{
"duration" => 269,
"path" => "/users/cperriot/logstash-5.6.2/bin/export_test.txt",
"@timestamp" => 2017-10-10T08:57:46.000Z,
"@version" => "1",
"host" => "xxx.fr.intranet",
"start" => "2017-10-10 09:57:46",
"message" => "2017-10-10 09:57:46\r",
"status" => "16"
}

There are 2 things I don't understand,

why the parsing failure, it seems to be linked to the timezone offset but I don't get it.
Why one date stays the same 10:15 whereas the other get offsetted by an hour , 9:57 to 8:57 ?

thank you

cperriot · October 10, 2017, 1:14pm

OK I think I understood the second point: It is taking the date into account to know about winter/summer time.
am i right ?

magnusbaeck · October 10, 2017, 6:45pm

why the parsing failure, it seems to be linked to the timezone offset but I don't get it.

I don't know, but when the date filter fails it will log a message that typically points to the part of the string it has a problem with.

OK I think I understood the second point: It is taking the date into account to know about winter/summer time.
am i right ?

Yes.

Badger · October 10, 2017, 7:04pm

That time is not valid. BST started at 2016-03-27 01:00:00, we skipped straight to 2016-03-27 02:00:00

system · November 7, 2017, 7:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing date for @timestamp Logstash	3	266	March 18, 2020
Date parse failure message strange behavior Logstash	3	476	February 3, 2020
Logstash _dateparsefailure Logstash	4	415	August 31, 2018
Logstash Data parsing error - _dateparsefailure Logstash	3	2846	August 3, 2017
Logstash CSV filter - _dateparsefailure from string to date Logstash	3	398	April 1, 2021

Date parsing [5.6.2]

Related topics