Json date is not parsing to @timestamp

I'm new to logstash and I'm trying to index json data into Elastic search with logstash and my data has datetime field, and I'm trying to use that field as @timestamp but I could not parse it to the field. Any suggestions or corrections to my code will help. Thanks in advance.

the following is my simple test data and config.

 echo '{"ReportID": "764678", "Timestamp": "2020-04-23 18:02:21"}'| ./bin/logstash -e 'input { stdin{  } } filter { date {  match => [ "Timestamp", "yyyy-MM-dd HH.mm.ss", "ISO8601"] target="@timestamp"  } } output { stdout { codec => rubydebug }}'

{"logstash.version"=>"7.6.2"}

The actual output:
{
    "@timestamp" => 2020-04-23T19:37:50.420Z,
      "@version" => "1",
       "message" => "{\"ReportID\": \"764678\", \"Timestamp\": \"2020-04-23 18:02:21\"}",
          "host" => "myserver.com"
}


Expected output:

{
    "@timestamp" => 2020-04-23T18:02:210Z,
      "@version" => "1",
       "message" => "{\"ReportID\": \"764678\", \"Timestamp\": \"2020-04-23 18:02:21\"}",
          "host" => "myserver.com"
}

it is converting your timestamp to UTC.
looks like you are one hour behind UTC

the actual output has UTC time but it is not converting from input date--please see the minutes and seconds part.

Try

json { source => "message" }
date { match => [ "Timestamp", "YYYY-MM-dd HH:mm:ss" ] }

Thank you Badger.
json filter did fix the issue, I just need to adjust my date and format in my data.

the below is working command with date parsed to UTC.

 echo '{"ReportID": "764678", "Timestamp": "2020-04-23T10:02:21"}'| ./bin/logstash -e 'input { stdin{ codec => json } } filter { json { source => "message" } date {  match => [ "Timestamp", "ISO8601"] timezone=>"Etc/UTC"} } output { stdout { codec => rubydebug }}'

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.