Elasticsearch Date Processor not parsing properly

gerard1 · October 22, 2019, 9:24am

I'm trying to parse a log date with an Elasticsearch ingest pipeline, using date processor, but the parsed date is not correct.
All the other pipelines that I've created work correctly, except this one.

Here is what I'm using:

Raw log date: Tue Oct 22 10:58:00.645020 2019
Processor:
"date": { "field": "log.time", "target_field": "@timestamp", "formats": ["EEE MMM dd H:m:s.SSSSSS yyyy"] }
Result: 2019-10-22T00:00:00.000Z

The date shown in the log.time field is correct (Tue Oct 22 10:58:00.645020 2019)

I've also tried the following format, without success: EEE MMM dd HH:mm:ss.SSSSSS yyyy

Glen_Smith · October 23, 2019, 4:21am

Maybe instead of S (fraction-of-second), try n (nano-of-second).

gerard1 · October 23, 2019, 6:59am

Doesn't work neither.

gerard1 · October 23, 2019, 7:05am

Apparently, I was looking at the wrong timestamp field (ingest one)...

Using EEE MMM dd H:m:s.SSSSSS yyyy works.

system · November 20, 2019, 7:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.