Logstash _dateparsefailure

Hello, I am trying to use the date filter but I am getting _dateparsefailure. Can anyone help me?

Log:
{
"timestamp": "Aug 2 10:47:59",
"@timestamp": "2018-08-02T17:47:59.000Z",
"timezone": "US/Pacific",
"tags": [
"syslog",
"_dateparsefailure"
]
},
"fields": {
"@timestamp": [
"2018-08-02T17:47:59.000Z"
]
},
"sort": [
1533232079000
]
}

Config
filter {
  date {
    match => [ "timestamp", "MMM dd yyyy HH:mm:ss", "MMM d yyyy HH:mm:ss" ]
    timezone => "US/Pacific"
  }
}

Regards

Hi Sebastian,

I have the exact same date format and the following config works for me:

date {
  match => [ "[event][timestamp]", "MMM dd HH:mm:ss" ]
  target => "[event][timestamp]"
}

As the timestamp is already generated for my timezone, I don't specify it explicitly.

Are there as many spaces between "Aug" and "2" and between "MMM" and "d"?

If the date filter fails it'll log a message containing clues about the nature of the error.

@magnusbaeck

I am trying to parse 5/1/2018 7:48:00 AM with the following filter code in Logstash and want to convert it into the Hong Kong timezone.

date {
  match => [ "SUBMIT_DATE", "M/d/yyyy H:mm:ss" ]
  target => "SUBMIT_DATE"
  timezone => "Etc/GMT-7"
}

Q1- Does ELK support the date format with "/"?
Q2- My .csv receives dates in "/" format; do I always need to change to "-" format?

Thanks for your help.
Cheers !!
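
An added example, not posted by anyone in this thread: a Logstash pipeline that parses both timestamp shapes discussed above, the year-less syslog value and the slash-separated 12-hour value. The sample event, the `|` separator and the `Asia/Hong_Kong` zone ID are assumptions made for the illustration; the field names come from the posts.

```logstash
# Constructed test event: a syslog-style timestamp and a CSV-style date,
# joined with "|" so one generator line can feed both date filters.
input {
  generator {
    count   => 1
    message => "Aug  2 10:47:59|5/1/2018 7:48:00 AM"
  }
}

filter {
  dissect {
    mapping => { "message" => "%{timestamp}|%{SUBMIT_DATE}" }
  }

  # The syslog value carries no year, so none of the patterns contain "yyyy".
  # The two-space pattern covers syslog's space-padded single-digit days.
  date {
    match    => [ "timestamp", "MMM  d HH:mm:ss", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    timezone => "US/Pacific"
    tag_on_failure => [ "_dateparsefailure_syslog" ]
  }

  # "/" is matched as a literal separator. The value uses a 12-hour clock
  # with AM/PM, so the pattern uses "h" and "a" rather than "H".
  # timezone names the zone the source value was written in; the parsed
  # result is stored in UTC.
  date {
    match    => [ "SUBMIT_DATE", "M/d/yyyy h:mm:ss a" ]
    target   => "SUBMIT_DATE"
    timezone => "Asia/Hong_Kong"
    tag_on_failure => [ "_dateparsefailure_submit" ]
  }
}

output {
  stdout { codec => rubydebug }
}
```

Separate failure tags make it clear which of the two filters rejected a value when an event shows up with a parse-failure tag.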
