My log data is:
2018-03-29.14:08:16.117 http-apr-8180-exec-10 INFO CouponServiceImpl 3952a0e3aa444bc19cbe69af2e3bf459 : xxxxxxxxxxxxxxxxxxxxxxxxxxx
My filter is:
filter {
  if [type] == 'sq-strategy-web_log' {
    ruby {
      init => "@kname = ['head', 'log_content']"
      code => "
        new_event = LogStash::Event.new(Hash[@kname.zip(event.get('message').split(' : '))])
        new_event.remove('@timestamp')
        event.append(new_event)
      "
    }
    if [head] {
      ruby {
        init => "@kname = ['threadPool', 'log_level', 'javaClass', 'traceId']"
        code => "
          event.set('log_date', event.get('head').split(' ')[0])
          new_event = LogStash::Event.new(Hash[@kname.zip(event.get('head').split(' ')[1..-1])])
          new_event.remove('@timestamp')
          event.append(new_event)
        "
        remove_field => ["head"]
      }
    }
    mutate {
      convert => [
        "logSort", "integer"
      ]
      remove_field => ["beat", "offset", "@version", "message", "kafka"]
    }
    date {
      match => ["log_date", "yyyy-MM-dd.HH:mm:ss.SSSZ"]
    }
  }
}
In my Kibana, the timestamp is OK and the log_data is right too, both consistent with the current time, but there is a "tags _dateparsefailure". This makes me very unhappy. Please help me, SOS!!!