Logstash date filter match pattern

vikasp · February 21, 2020, 9:53pm

Hi,
I have a logstash config that pulls from jdbc and pushes it to elasticsearch based on the select statement where my tracking column is an attribute mod_dttm (Example: 23-JAN-20 12.23.28.771000000 PM).

So, I created a filter as below:

filter {
mutate {
    add_field => {
        "[@metadata][mod_dttm]" => "%{mod_dttm}"
    }
}
date    {
    locale => "en"
    timezone => "UTC"
    match => [ "mod_dttm", "dd-MMM-yy hh.mm.ss.SSSSSSSSS a" ]
    target => "@timestamp"
}
}

I am getting _dateparsefailure. Can somebody please help. When I see/search the documents, the mod_dttm is in this format in the elasticsearch "yyyy-MM-dd'T'HH24:mm:ss.SSS'Z'"

Badger · February 21, 2020, 10:13pm

hh can have values from 0 to 11. 12 is not valid. Use HH instead.

vikasp · February 21, 2020, 10:41pm

Still getting the same error _dateparsefailure

Badger · February 22, 2020, 12:40am

input { generator { count => 1 lines => [ '' ] } }
filter {
    mutate { add_field => { "mod_dttm" => "23-JAN-20 12.23.28.771000000 PM" } }
    date    {
        locale => "en"
        timezone => "UTC"
        match => [ "mod_dttm", "dd-MMM-yy HH.mm.ss.SSSSSSSSS a" ]
        target => "@timestamp"
    }
}
output { stdout { codec => rubydebug { metadata => false } } }

gets me

"@timestamp" => 2020-01-23T12:23:28.771Z,

So something is not as you describe it.

Topic		Replies	Views
Date Filter Logstash	11	2328	March 13, 2018
Logstash Data parsing error - _dateparsefailure Logstash	3	2879	August 3, 2017
Log timestamp is not getting through date filter getting date_time_parse_exception Logstash	18	1928	August 13, 2022
Logstash _dateparsefailure Logstash	4	454	August 31, 2018
__dateparsefailure trying match date Logstash	2	462	October 14, 2017

Logstash date filter match pattern

Related topics