Fail to parse a date field in Logstash

Hello,
I'm trying to parse a date field from a log file coming from an Exim Mail Server where I have a date string like this "2021-10-28 15:44:40".
In my filter in Logstash, first I apply a "mutate" filter and add a timezone where the date field looks like this "2021-10-28 15:44:40 -0300"
But when a trying to parse date format, I got the error below.
My question is how I can do this?
My setup is this.

Screenshot_7774×459 12.1 KB

The index mapping is this.

InkedScreenshot_6_LI803×458 33.4 KB

And the error I getting is this.

Screenshot_51875×392 31.4 KB

In logstash, unlike Elasticsearch or kibana, the syntax to reference a nested field in an object is "[exim4][datetime]", not "exim4.datetime".

I fixed this by editing my index template and adjusting the date field format in Kibana as below.

Screenshot_11715×774 34.6 KB

Screenshot_81586×758 58.2 KB

It's working now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.