Logstash Data parsing error - _dateparsefailure

I am trying to parse the Time format "timestamp" => "27/06/17 11:19:53:053 EDT" - I tried the following match pattarns in Logstash Filter but I am getting _dateparsefailure error

Filter in Logstash:
------------------------
filter {
if [type] == "app-log"
{

grok {
            match => ["message", "\[%{GREEDYDATA:timestamp}\] %{GREEDYDATA:message}"]
     }

date {
    locale => "en"
    #match => ["timestamp", "dd/MM/yy HH:mm:ss:SSS Z"]
match => [ "timestamp", "ISO8601" ]
    timezone => "UTC"
    target => "@logtimestamp"
    }
}
}

Data output in stdout:
--------------------------------
"@timestamp" => 2017-06-30T20:47:14.468Z,
"offset" => 949,
"@version" => "1",
"input_type" => "log",
"beat" => {
"hostname" => "XXXXXXXXXXXX",
"name" => "XXXXXXXXXX",
"version" => "5.2.2"
},
"host" => "XXXXXXXXXXXXX",
"source" => "D:\ELK\filebeat\source\YYYY.log",
"message" => [[XXXXXXXXXXXX],
"type" => "app-log",
"tags" => [
[0] "beats_input_codec_plain_applied",
[1] "_dateparsefailure"
],
"timestamp" => "27/06/17 11:19:53:053 EDT"

The Logstash log should contain information about what the date filter finds objectionable, but you can start by deleting

match => [ "timestamp", "ISO8601" ]

since your timestamp clearly isn't ISO8601, and then reinstating

match => ["timestamp", "dd/MM/yy HH:mm:ss:SSS Z"]

which should be okay except that the date filter can't parse timezone names like EDT.

Thanks for the reply. It worked for me!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.