_dateparsefailure mapping date and time to @timestamp field

Wilks · April 28, 2021, 12:24pm

I am getting a _dateparsefailure when I try to map the date and time the log arrived to the @timestamp field. Below is my filter, if I comment out the attempt to map to @timestamp I dont get a _dateparsefailure so it somethhing with match => [ "timestamp", "yyy-MM-dd HH:mm:ss"]
The log is as follows:

2021-04-22-07.29.58.938095

grok   {

       pattern_definitions => {
                      "CUSTOMTIMESTAMP" => "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\S+%{HOUR}.%{MINUTE}.%{SECOND}"
        }
        match => { "message" => [ "%{CUSTOMTIMESTAMP:timestamp}
        }


date {
        match => [ "timestamp", "yyyy-MMM-dd HH:mm:ss" ]
        target => "@timestamp"
      }

leandrojmp · April 28, 2021, 1:50pm

The string of your timestamp needs to match the pattern in the date filter, which is not happening.

Your pattern in the date filter is yyyy-MMM-dd HH:mm:ss, this pattern will expect a date with the following format: 2021-Apr-28 10:47:23, for example.

Your date is in the format 2021-04-22-07.29.58.938095, so it won't match.

Try to use this pattern in the date filter: yyyy-MM-dd-HH.mm.ss.SSSSSS

Wilks · April 28, 2021, 4:17pm

Worked. THX

system · May 26, 2021, 4:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date filter dateparsefailure Logstash	2	297	February 7, 2020
_dateparsefailure when trying to overwrite @timestamp Logstash	8	149	June 7, 2024
"_dateparsefailure" When trying to overwrite @timestamp field Logstash	8	138	February 27, 2024
_dateparsefailure csv date time YYYY-MM-dd HH:mm:ss Logstash	1	381	July 17, 2020
Logstash _dateparsefailure Logstash	4	415	August 31, 2018

_dateparsefailure mapping date and time to @timestamp field

Related topics