Json date is not parsing to @timestamp

Elastic Stack Logstash
1

I'm new to logstash and I'm trying to index json data into Elastic search with logstash and my data has datetime field, and I'm trying to use that field as @timestamp but I could not parse it to the field. Any suggestions or corrections to my code will help. Thanks in advance.

the following is my simple test data and config.

 echo '{"ReportID": "764678", "Timestamp": "2020-04-23 18:02:21"}'| ./bin/logstash -e 'input { stdin{  } } filter { date {  match => [ "Timestamp", "yyyy-MM-dd HH.mm.ss", "ISO8601"] target="@timestamp"  } } output { stdout { codec => rubydebug }}'

{"logstash.version"=>"7.6.2"}

The actual output:
{
    "@timestamp" => 2020-04-23T19:37:50.420Z,
      "@version" => "1",
       "message" => "{\"ReportID\": \"764678\", \"Timestamp\": \"2020-04-23 18:02:21\"}",
          "host" => "myserver.com"
}


Expected output:

{
    "@timestamp" => 2020-04-23T18:02:210Z,
      "@version" => "1",
       "message" => "{\"ReportID\": \"764678\", \"Timestamp\": \"2020-04-23 18:02:21\"}",
          "host" => "myserver.com"
}
2

it is converting your timestamp to UTC.
looks like you are one hour behind UTC

3

the actual output has UTC time but it is not converting from input date--please see the minutes and seconds part.

4

Try

json { source => "message" }
date { match => [ "Timestamp", "YYYY-MM-dd HH:mm:ss" ] }
5

Thank you Badger.
json filter did fix the issue, I just need to adjust my date and format in my data.

the below is working command with date parsed to UTC.

 echo '{"ReportID": "764678", "Timestamp": "2020-04-23T10:02:21"}'| ./bin/logstash -e 'input { stdin{ codec => json } } filter { json { source => "message" } date {  match => [ "Timestamp", "ISO8601"] timezone=>"Etc/UTC"} } output { stdout { codec => rubydebug }}'
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.