"_dateparsefailure" of UNIX time

ssasporta · February 6, 2018, 4:31pm

Hi,

The input events from filebeat looks like that:

{"@timestamp":"2018-02-06T16:12:59.892Z","beat":{"hostname":"velastic","name":"velastic","version":"5.4.1"},"fields":{"fields_under_root":true,"type":"uxform"},"input_type":"log","message":"TransactionID: 74667ba4-4f82-4c37-a041-466596d4c700 start[1516144217530] time[0] tag[com.core.security.SecurityFilter.inbound]","offset":1831,"source":"/home/ElasticForTest/uxform.log","type":"log"}

My Filter in Logstash is:

       grok {                      
             break_on_match => true
             keep_empty_captures => false
             match => {
                  message => [ "TransactionID: %{DATA:TransactionID}\s*start\[%{DATA:start}\]\s*time\[%{NUMBER:time}\]\s*tag\[%{DATA:tag}\]\s*" ]
             }
             patterns_dir => "/etc/logstash/patterns"
       }
       
       date {
	                   match => [ "start", "UNIX" ]
	                   target => "start"
         }

The problem is that I am getting:

"tags" => [
[0] "beats_input_codec_plain_applied",
[1] "_dateparsefailure"

Any Idea to solve it?

Thanks
Sharon.

Badger · February 6, 2018, 4:54pm

Use UNIX_MS rather than UNIX?

system · March 6, 2018, 4:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.