"_dateparsefailure" of UNIX time

ssasporta · February 6, 2018, 4:31pm

Hi,

The input events from filebeat looks like that:

{"@timestamp":"2018-02-06T16:12:59.892Z","beat":{"hostname":"velastic","name":"velastic","version":"5.4.1"},"fields":{"fields_under_root":true,"type":"uxform"},"input_type":"log","message":"TransactionID: 74667ba4-4f82-4c37-a041-466596d4c700 start[1516144217530] time[0] tag[com.core.security.SecurityFilter.inbound]","offset":1831,"source":"/home/ElasticForTest/uxform.log","type":"log"}

My Filter in Logstash is:

       grok {                      
             break_on_match => true
             keep_empty_captures => false
             match => {
                  message => [ "TransactionID: %{DATA:TransactionID}\s*start\[%{DATA:start}\]\s*time\[%{NUMBER:time}\]\s*tag\[%{DATA:tag}\]\s*" ]
             }
             patterns_dir => "/etc/logstash/patterns"
       }
       
       date {
	                   match => [ "start", "UNIX" ]
	                   target => "start"
         }

The problem is that I am getting:

"tags" => [
[0] "beats_input_codec_plain_applied",
[1] "_dateparsefailure"

Any Idea to solve it?

Thanks
Sharon.

Badger · February 6, 2018, 4:54pm

Use UNIX_MS rather than UNIX?

system · March 6, 2018, 4:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
_dateparsefailure csv date time YYYY-MM-dd HH:mm:ss Logstash	1	381	July 17, 2020
_grokparsefailure with date, but not without it Logstash	4	1101	April 28, 2017
@Timestamp is not matching event timestamp _dateparsefailure Logstash	3	162	November 2, 2023
[ERROR] Logstash: _dateparsefailure for xml output using the date plugin Logstash docker	2	306	January 4, 2024
_dateparsefailure in tags Logstash	3	287	August 11, 2020

"_dateparsefailure" of UNIX time

Related topics