Failed to parse a date field in Logstash

dedi27 · October 29, 2021, 1:57pm

Fail to parse a date field in Logstash

Hello,
I'm trying to parse a date field from a log file coming from an Exim Mail Server where I have a date string like this "2021-10-28 15:44:40".
In my filter in Logstash, first I apply a "mutate" filter and add a timezone where the date field looks like this "2021-10-28 15:44:40 -0300"
But when a trying to parse date format, I got the error below.
My question is how I can do this?
My setup is this.

The index mapping is this.

And the error I getting is this.

Badger · October 29, 2021, 2:03pm

In logstash, unlike Elasticsearch or kibana, the syntax to reference a nested field in an object is "[exim4][datetime]", not "exim4.datetime".

dedi27 · October 29, 2021, 2:36pm

I fixed this by editing my index template and adjusting the date field format in Kibana as below.

It's working now.

system · November 26, 2021, 2:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to parse date field Logstash	5	4626	June 15, 2021
Failed parsing date from field - how to troubleshoot Logstash	2	1011	July 6, 2017
Parsing date format error Logstash	3	761	October 24, 2018
Dateparse failure When trying to get date from xml file Logstash	8	656	May 14, 2020
Failed parsing date from field Logstash	2	867	July 6, 2017

Failed to parse a date field in Logstash

Related Topics