Failed to parse a date field in Logstash

dedi27 · October 29, 2021, 1:57pm

Fail to parse a date field in Logstash

Hello,
I'm trying to parse a date field from a log file coming from an Exim Mail Server where I have a date string like this "2021-10-28 15:44:40".
In my filter in Logstash, first I apply a "mutate" filter and add a timezone where the date field looks like this "2021-10-28 15:44:40 -0300"
But when a trying to parse date format, I got the error below.
My question is how I can do this?
My setup is this.

The index mapping is this.

And the error I getting is this.

Badger · October 29, 2021, 2:03pm

In logstash, unlike Elasticsearch or kibana, the syntax to reference a nested field in an object is "[exim4][datetime]", not "exim4.datetime".

dedi27 · October 29, 2021, 2:36pm

I fixed this by editing my index template and adjusting the date field format in Kibana as below.

It's working now.

system · November 26, 2021, 2:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.