Logstash CSV filter - _dateparsefailure from string to date

pmaganti · March 4, 2021, 7:28am

Hello,

I am trying to set a field from CSV as @timestamp and is failing with a tag _dateparsefailure.

Following is the config.

input {
  beats {
    port => 5044
  }
}
filter {
  csv {
    separator => ","
    autodetect_column_names => true
  }

mutate { add_field => { "TimeStamp1" => "%{TimeStamp}" } }

  date {
    match => ["TimeStamp1", "yyyy-MM-dd HH:mm:ss'ZZ'"]
    timezone => "UTC"
    target => "TimeStamp1"
  }

}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "telematics-%{+YYYY.MM.dd}"
  }
}

Tried the following and got no errors

echo "2021-02-22 21:56:02+00:00" | sudo /usr/share/logstash/bin/logstash -e 'input { stdin {} } filter { date { match => [ "message", "yyyy-MM-dd HH:mm:ss'Z'"] timezone => "UTC" target => "@timestamp" } }'

Result:

{
   "message" => "2021-02-22 21:56:02+00:00",
   "host" => "ip-172-31-15-47",
   "@version" => "1",
   "@timestamp" => 2021-02-22T21:56:02.000Z
}

For reference, this is the date string coming from csv - 2021-02-22T21:56:02.000Z

Could you help me understand if I am missing anything with the date format match?

Badger · March 4, 2021, 4:49pm

I would expect "yyyy-MM-dd HH:mm:ssZZ"to match "2021-02-22 21:56:02+00:00". "yyyy-MM-dd HH:mm:ss'ZZ'" would match "2021-02-22 21:56:02ZZ".

pmaganti · March 4, 2021, 6:06pm

Thank you @Badger. It worked.

system · April 1, 2021, 6:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.