How should I filter this date?

AbelAlejandro · August 12, 2021, 10:08am

My logs are TSVs that look like the following:

|timestamp_fmt|timestamp_ms|key|tictoc_ms|mem_jvm|mem_phy_os|tags|comment|
|---|---|---|---|---|---|---|---|
|2021-08-11T13-55-39.202|1628682939202|SCENARIO|TIC|4548715304|11172929536||Dashboard-SomeTest|
|2021-08-11T13-55-39.207|1628682939207|STEP|TIC|4548715304|11172954112||I login as 'admin'|

But there's a T in my Date and I when I try to add that date format it is not correctly recognized by Elastic.

filter {
  grok {
    match => ["message", "%{DATA:timestamp} .*"]
  }
  date {
    match => ["timestamp", "HH:MM:ss.SSSZZZ"]
  }
}

Badger · August 12, 2021, 3:16pm

The pattern has to match every single character in the field it is trying to parse.

The grok makes no sense to me. It is not going to find a space to terminate the [timestamp] field until it gets to I login as 'admin'.

system · September 9, 2021, 3:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timestamp => @timestamp Logstash	17	4043	June 14, 2017
Date FIlter - _dateparsefailure [SOLVED] Logstash	21	21576	November 4, 2022
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27371	July 6, 2017
Logstash date extraction help Logstash	3	612	December 26, 2016
_dateparsefailure again Logstash	3	1148	June 27, 2017

How should I filter this date?

Related Topics