Date Time parsing problems

Elastic Stack Logstash
1

Hello
I have a bunch of dates to sort, this is the format I have:

2018-05-12 00:00pm GMT (always 00:00pm)
2021-04-01 1:17am GMT

If I try to ingest with no template, elasticsearch detects them as a string, but if I map them as a Date I get this error:
{"type"=>"illegal_argument_exception", "reason"=>"failed to parse date field [2020-08-22 00:00pm GMT] with format [strict_date_optional_time||epoch_millis]", "caused_by"=>{"type"=>"date_time_parse_exception", "reason"=>"Failed to parse with all enclosed parsers"}

I've selected all options, always with the same result, as far as I know the date time string is valid, any idea?

2

You need to use "match" setting in date filter to provide all your date formats.

https://www.joda.org/joda-time/key_format.html

3

Thanks for your answer, but I have another question :S
I'm reading about parsing string to date, but I must say its not so clear. But I've learned several things.
Let's ask:
I have two fields with dates like:

2021-07-15 8:18 AM

I'm trying with configs like:

      date {
        match => [ "myField", "yyyy-mm-dd hh:mm" ]
        target => "myField"
      }

I get no errrors, but "The indices which match this index pattern don't contain any time fields."
If I try to set the date mapping, then, again, error parsing....

What I'm doin' wrong?

4

What contains [myField]? Just date or is it entire log?

5

Just the datetime with a format like "2021-07-15 8:18 AM"

6

Month should be in capital letters.

7

Working, but with some "features", thanks @mad_dog!

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.