Logstash parses log fine, elasticsearch throws date error?

encee · November 19, 2016, 5:36am

Log: 2016-11-19 05:15:34.537 [INFO ] [15722:119885] Blah blah blah

Date Config:

date {
match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss.SSS" ]
timezone => 'UTC'
locale => 'en'
}

Error: {:timestamp=>"2016-11-19T05:16:05.983000+0000", :message=>"Failed parsing date from field", :field=>"timestamp", :value=>"2016-11-19 05:15:34.537", :exc
eption=>"Invalid format: "2016-11-19 05:15:34.537" is malformed at ".537"", :config_parsers=>"yyyy-MM-dd HH:mm:ss Z", :config_locale=>"en", :level=>
:warn}

This is only thrown when pushed into elasticsearch, but when I run the configuration manually (bin/logstash -f config) it parses just fine.

Any ideas ?

encee · November 19, 2016, 6:12am

Looks like it had to do with a date block outside of a filter block in another configuration which must of been getting applied AFTER the configuration here said it was good.

system · December 17, 2016, 6:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed parsing date from field - how to troubleshoot Logstash	2	1012	July 6, 2017
Date filter not parsing this datetime Logstash	3	659	July 6, 2017
Issue parsing date Logstash	3	688	July 13, 2017
Logstash/elasticsearch failed to parse date field tried both date format [dateOptionalTime], and timestamp number with locale Logstash	10	8528	July 6, 2017
Parsing date format error Logstash	3	761	October 24, 2018

Logstash parses log fine, elasticsearch throws date error?

Related topics