ES index date format for date/timezone offset

earlsanchez · October 2, 2021, 12:26am

Hello,
We're using Elasticsearch v7.9.

The date format of our mongod logs changed to this:
2021-09-26T03:23:46.515-0700

Now we're getting "_dateparsefailure" during Logstash processing.

I can't find a specific example of how to handle the timezone offset, can someone please help?

Here is our ES index date format:

"format" : "MM/dd/yyyy HH:mm:ss||yyyy-MM-dd HH:mm:ss.SSSSSS||yyyy-MM-dd'T'HH:mm:ss.SSS'Z'||yyyy-MM-dd HH:mm:ss,SSS||yyyy/MM/dd HH:mm:ss||yyyy-MM-dd'T'HH:mm:ss.SSSZZZ||yyyy-MM-dd||epoch_millis"

This is from our Logstash conf file to process the date from logs.

    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:date} %{WORD:severity} %{GREEDYDATA:message}" }
    }
    mutate { convert => ["severity","string"] }
    date {
	match => [ "date", "yyyy-MM-dd'T'HH:mm:ss.SSSZZZ" ]
	timezone => "America/Los_Angeles"
	target => "date"
    }

This is how Logstash is processing the date field:

"date" => "2021-09-26T03:23:46.515-0700",

TIA

Badger · October 2, 2021, 1:06am

Change ZZZ to ZZ. The target will then be a LogStash::Timestamp object which will be sent to elasticsearch as a number of milliseconds since the epoch (epoch_millis).

system · October 30, 2021, 1:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help with match date 2019-12-04 06:34:33.850000+00:00 Logstash	8	621	January 7, 2020
Date format with timezone offset Elasticsearch	4	11732	June 4, 2020
Logstash Date parsing error Logstash	12	406	April 1, 2022
How to correctly parse and index dates into timestamp that have no offset? (Post title renamed) Logstash	7	1859	July 6, 2017
Logstash filter date Logstash	3	283	November 11, 2018

ES index date format for date/timezone offset

Related Topics