Logstash - Filter-Date-Match

senthilyes · May 2, 2017, 9:50pm

Hi

Trying to replace the timestamp (interval_start_date_time) retrieved from DB2 to the logstash time stamp. Referred other similar threads but didn't help and finally here.

Output without using Date filter:
{
"@timestamp": "2017-05-02T21:42:12.035Z",
"@version": "1",
"interval_start_date_time": "2014-12-05T18:28:40.000Z"
}

Added below Date filter:
filter {
date {
match => ["INTERVAL_START_DATE_TIME", "yyyy-MM-dd'T'HH:mm:ss.SSSZ"]
#timezone => "America/Chicago"
tag_on_failure => [ _baddate]
target => "@timestamp"
}
}

Output below after adding Date Filter ( in which @timestamp is not replaced):
{
"@timestamp": "2017-05-02T21:47:27.714Z",
"@version": "1",
"interval_start_date_time": "2014-12-05T18:28:40.000Z"
}

Am I missing something?

Thanks.

magnusbaeck · May 4, 2017, 8:19am

Field names are case-sensitive.

senthilyes · May 4, 2017, 3:29pm

Hi Magnus

Thanks for the response. I have the field with same case in Input SQL Query as well as the Filter plugin. The Logstash prints the fields in lower-cases irrespective of the cases in input and filter plugins.

We had identified the root cause of the issue and that is due to the input Select query pulls the field in a date format but the filter plugin expects in string format. After modifying the SQL Query to pull the Date field as String through DB2 Date Format conversion, it works fine now and the Logstash @Timestamp is replaced by the DB2 TimeStamp.

Thanks for your time.

Topic		Replies	Views
Date filter not working [Solved] Logstash	1	4525	May 18, 2016
Date filter not working in Logstash Logstash	2	1663	August 16, 2016
Replace timestamp by a other field Logstash	10	3840	July 11, 2017
Logstash date filter not replacing @timestamp field Logstash	3	1289	March 4, 2017
Changing timestamp Logstash	6	1232	September 22, 2015

Logstash - Filter-Date-Match

Related topics