Logstash date filter

Kamikaze_K · June 3, 2021, 11:30am

I have logs that I am parsing and the date does not contain the year which should be default current year.

The field that I get after grok etc is 06/25 11:33:19.9 PM and 06/25 11:33:19.9 PM etc

I am trying to use the date filter to change these to a date field type before sending to elastic search. I am using the date filter below

date {
match => ["timestamp", "MM/dd HH:mm:ss:S a"]
    target => "timestamp"
 }

But I am getting a dateparsefailure. I'm i missing something?

Badger · June 3, 2021, 3:49pm

That should be ".S", not ":S"

system · July 1, 2021, 3:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.