Hi,
i have a problem in managing exceptions in filter logstash.
I have to define some dates which don't always show the same format and this causes the following error:
Hi ,
thanks for the advice, could you please show me for instance how to apply the date filter supposing that the format could be
'%d/%m/%Y %H.%M.%S %Z'
'%d/%m/%Y %H:%M:%S %Z'
If you have multiple possible separators, you can try to normalize them using a mutate gsub filter. This will reduce the number of patterns you need to match. Can you provide actual exemples of the date panterns you want to match?
this is my csv input :
ID ; DATE
TTM000005718043 ; 11/12/2015 09.42.12;
TTM000006099454 ; 11/12/2015 12:06:08;
TTM000006097855 ; 11/12/2015 13.22.56;
TTM000001111111 ; 11/12/2015 13:24:14;
thisi is my filter of config file for logstash:
filter {
if [type] == "test" {
csv {
columns => ["ID","DATE"]
separator => ";"
}
date {
match => ["DATE", "d/m/Y H.M.S Z", "d/m/Y H.M:S Z", "ISO8601"]
}
}
but from this format 11/12/2015 09.42.12 must become this format 2015-12-11T09:42:12.000Z
I tried to remove the time zone but does not change the situation
This is the output I want on ES:
TTM000005718043; 2015-12-11T09:42:12.000Z
TTM000006099454; 2015-12-11T00:06:08.000Z
TTM000006097855; 2015-12-11T13:22:56.000Z
TTM000001111111; 2015-12-11T13:24:14.000Z
You seem to have a space a the start of the date column, which your date pattern does not seem to account for. You can remove this through a mutate strip filter. I would also recommend using the stdout filter with ruby debug codec while troubleshooting this issue.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.