Failed to parse a date field in Logstash

dedi27 · October 29, 2021, 1:57pm

Fail to parse a date field in Logstash

Hello,
I'm trying to parse a date field from a log file coming from an Exim Mail Server where I have a date string like this "2021-10-28 15:44:40".
In my filter in Logstash, first I apply a "mutate" filter and add a timezone where the date field looks like this "2021-10-28 15:44:40 -0300"
But when a trying to parse date format, I got the error below.
My question is how I can do this?
My setup is this.

The index mapping is this.

And the error I getting is this.

Badger · October 29, 2021, 2:03pm

In logstash, unlike Elasticsearch or kibana, the syntax to reference a nested field in an object is "[exim4][datetime]", not "exim4.datetime".

dedi27 · October 29, 2021, 2:36pm

I fixed this by editing my index template and adjusting the date field format in Kibana as below.

It's working now.

Topic		Replies	Views
Failed to parse [date] Logstash	6	2607	June 2, 2018
Failed parsing date from field using logstash Logstash	8	1202	July 6, 2017
Failed to parse date Logstash	5	1191	December 2, 2019
Failed parsing date from field - how to troubleshoot Logstash	2	1059	July 6, 2017
Logstash couldn't index date field for few log lines Logstash	4	534	July 12, 2019

Failed to parse a date field in Logstash

Related topics