DATESTAMP_OTHER seems not parsing properly

Adam_M · June 13, 2016, 7:52pm

Hello!

I started playing with Logstash and Kibana and I got stuck with my logfile. I tried different approaches but I just can't parse timestamp properly, elastic keeps mapping that field as string...

Anybody help, please?

The example input is:

Tue May 17 00:13:43 UTC 2016 OrderType: ASK Current_Top_Bid: 453.02 minimum_to_ask: 459.616175 Current_StopLoss: 0 Aborting.

My configuration looks like:

input {
  file {
    path => "C:\logs\logs.log"
    start_position => "beginning"
  }
}

filter {
  grok {
    match => { "message" => "%{DATESTAMP_OTHER:logdate} OrderType: %{WORD:orderType} %{WORD:current_top}: %{BASE10NUM:top_value:float} (maximum_to_bid:|minimum_to_ask:) %{BASE10NUM:value_cash:float} Current_StopLoss: %{BASE10NUM:stoploss:float} %{WORD:action}" }
  }
  
  mutate {
    add_field => [ "cust_time", "%{YEAR} %{MONTH} %{MONTHDAY} %{TIME}"]
  }

  date {
    match => [ "cust_time","yyyy MMM dd HH:mm:ss" ]
    remove_field => [ "cust_time" ]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}

warkolm · June 14, 2016, 6:47am

You need to use the date filter on the logdate field, is that is what you want mapped.

Topic		Replies	Views
Issue with grok and timestamp field in apache logs Logstash	3	1152	July 6, 2017
Cant parse date from log Logstash	5	350	June 16, 2020
Parse logfile date into Kibana's timestamp Logstash	18	4381	May 10, 2017
Logstash Date Filter not working on Kibana Logstash	10	882	September 18, 2020
Logstash : Time Field Logstash	10	2477	February 5, 2018

DATESTAMP_OTHER seems not parsing properly

Related topics