I started out with the intention of setting the Recorddate field to be the @timestamp BUT in order to debug the issues had resorted to one of the samples from the Logstash documentation while I get it working, to reduce the complexity.
Will include the match setting and see how it goes. There was no evidence relating to match setting being mandatory in the logs.
filter {
  date {
    match => ["Recorddate", "dd-MMM-yyyy HH:mm:ss"]
  }
}
In the logs now I get:
Failed parsing date from field {:field=>"Recorddate", :value=>"Recorddate", :exception=>"Invalid format: "Recorddate"", :config_parsers=>"dd-MMM-yyyy HH:mm:ss", :config_locale=>"default=en_US"}
Yet the format I have provided I think is correct.
The error message suggests that the parsing fails because the Recorddate field contains the string "Recorddate", which isn't consistent with what you're saying. If Recorddate really contains "15-Nov-2016 23:49:01" I don't know what's up.
That's great Magnus, thank you. I suspect what's happening is the csv parser ignores the first line that contains the csv column names, whereas this filter doesn't and so reads an incorrect value.
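One way to keep a CSV header row away from the date filter, as an added example that is not from the thread: it assumes the header line carries the literal column name in the Recorddate column, and the second column name (Message) is hypothetical.

```logstash
filter {
  csv {
    # Column names are given explicitly; "Message" is a hypothetical second column.
    columns => ["Recorddate", "Message"]
  }

  # A header line parses to Recorddate == "Recorddate"; discard it before
  # the date filter sees it.
  if [Recorddate] == "Recorddate" {
    drop { }
  }

  date {
    match => ["Recorddate", "dd-MMM-yyyy HH:mm:ss"]
    # On success the parsed value is written to @timestamp (the default target).
    # Events that still fail to parse are tagged so they can be found and
    # reviewed instead of silently keeping the ingest time.
    tag_on_failure => ["_dateparsefailure"]
  }
}
```

Events tagged `_dateparsefailure` keep the time they were ingested rather than the time in the record, so a search on that tag shows which rows would be misplaced on a timeline.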