Logstash date filter match pattern

vikasp · February 21, 2020, 9:53pm

Hi,
I have a logstash config that pulls from jdbc and pushes it to elasticsearch based on the select statement where my tracking column is an attribute mod_dttm (Example: 23-JAN-20 12.23.28.771000000 PM).

So, I created a filter as below:

filter {
mutate {
    add_field => {
        "[@metadata][mod_dttm]" => "%{mod_dttm}"
    }
}
date    {
    locale => "en"
    timezone => "UTC"
    match => [ "mod_dttm", "dd-MMM-yy hh.mm.ss.SSSSSSSSS a" ]
    target => "@timestamp"
}
}

I am getting _dateparsefailure. Can somebody please help. When I see/search the documents, the mod_dttm is in this format in the elasticsearch "yyyy-MM-dd'T'HH24:mm:ss.SSS'Z'"

Badger · February 21, 2020, 10:13pm

hh can have values from 0 to 11. 12 is not valid. Use HH instead.

vikasp · February 21, 2020, 10:41pm

Still getting the same error _dateparsefailure

Badger · February 22, 2020, 12:40am

input { generator { count => 1 lines => [ '' ] } }
filter {
    mutate { add_field => { "mod_dttm" => "23-JAN-20 12.23.28.771000000 PM" } }
    date    {
        locale => "en"
        timezone => "UTC"
        match => [ "mod_dttm", "dd-MMM-yy HH.mm.ss.SSSSSSSSS a" ]
        target => "@timestamp"
    }
}
output { stdout { codec => rubydebug { metadata => false } } }

gets me

"@timestamp" => 2020-01-23T12:23:28.771Z,

So something is not as you describe it.

system · March 21, 2020, 12:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
_dateparsefailure for date filtering on database date column value Logstash	3	1075	May 9, 2017
_dateparsefailure mapping date and time to @timestamp field Logstash	3	311	May 26, 2021
Date filter dateparsefailure Logstash	2	297	February 7, 2020
Data parse error ["_dateparsefailure"] Logstash	9	1031	August 15, 2018
Problem with date filter Logstash	6	260	June 10, 2022

Logstash date filter match pattern

Related topics