Hello,
I'm quite new to ELK & Filebeat (using v7.17.0), and I'm trying to parse the log line date and use it as the timestamp for the following logs:
Jun 19 22:08:00: WARNING: RCP timeout when waiting for ping response. Disconnecting Connection(S,/172.28.9.191:54284 <RCP /172.28.9.191:35887>)
With my current implementation, Filebeat returns the following error:
2023-06-22T15:04:52.952+0200 ERROR instance/beat.go:1015 Exiting: Failed to start crawler: starting input failed: Error while initializing input: failed parsing time field log_time='Jun 21 09:16:38': failed using layout [Stamp] cannot parse [Jun 21 09:16:38] as [Stamp]
failed to parse test timestamp
I used the following Filebeat configuration, based on the information about Go timestamps I could find:
processors:
  - dissect:
      tokenizer: '(?<log_time>%{MONTH} %{MONTHDAY} %{TIME}): %{GREEDYDATA:log}'
      field: "message"
      target_prefix: ""
  - timestamp:
      field: log_time
      layouts:
        - Stamp
      test:
        - 'Jun 21 09:16:38'
  - drop_fields:
      fields: [log_time]
Can you help me understand what's wrong?
Many thanks in advance.
NOTE: I also tried using "stamp" (without the capital letter) to verify it was not a case issue, but that did not work either.
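
Added example, not part of the original post and not Filebeat's own code: a Go sketch of why the error above says the value cannot be parsed as `Stamp`. Go's `time` package reads a layout as a pattern of reference-time fields, so the word `Stamp` is matched as literal text, while the constant `time.Stamp` has the value `Jan _2 15:04:05`. The helper `parseStampLine`, the shortened sample line and the year-filling policy are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Constructed sample, shortened from the log line in the post.
const sampleLine = "Jun 19 22:08:00: WARNING: RCP timeout when waiting for ping response."

// parseStampLine splits a line at the first ": " and parses the prefix with
// the given Go layout. A layout without a year yields year 0, so the year of
// now is filled in, stepping back one year when that would put the event more
// than a day in the future (a December line read in January). That year
// policy is an assumption of this example.
func parseStampLine(layout, line string, now time.Time) (time.Time, string, error) {
	i := strings.Index(line, ": ")
	if i < 0 {
		return time.Time{}, "", fmt.Errorf("no ': ' separator in %q", line)
	}
	ts, err := time.ParseInLocation(layout, line[:i], now.Location())
	if err != nil {
		return time.Time{}, "", err
	}
	if ts.Year() == 0 {
		ts = ts.AddDate(now.Year(), 0, 0)
		if ts.After(now.Add(24 * time.Hour)) {
			ts = ts.AddDate(-1, 0, 0)
		}
	}
	return ts, line[i+2:], nil
}

func main() {
	now := time.Date(2023, 6, 22, 15, 4, 52, 0, time.UTC) // constructed "current" time
	// "Stamp" is only the name of a Go constant; used as a layout it is literal text.
	_, _, err := parseStampLine("Stamp", sampleLine, now)
	fmt.Println("layout \"Stamp\":", err)
	// The value of time.Stamp is the actual layout string.
	ts, rest, err := parseStampLine(time.Stamp, sampleLine, now)
	fmt.Printf("layout %q: %s | %s | err=%v\n", time.Stamp, ts.Format(time.RFC3339), rest, err)
}
```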