I did a small test:
datefailtest.conf:
input { stdin {} }
filter {
  grok {
    match => { "message" => "\[%{GREEDYDATA:logtime}\] %{WORD:status}: %{GREEDYDATA:process}" }
  }
  date {
    timezone => "Europe/Prague"
    match => ["logtime", "yyyy-MM-dd HH:mm:ss"]
    target => "@timestamp"
  }
}
output { stdout { codec => rubydebug } }
execution:
root@elasticsearch-vm:/# /usr/share/logstash/bin/logstash -f "/root/datefailtest.conf" --path.data="/var/lib/logstash-man"
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
[2018-03-28 12:00:21] Processed: shop\Export\Jobs\ExportOrders
{
    "@timestamp" => 2018-03-28T10:00:21.000Z,
    "@version" => "1",
    "message" => "[2018-03-28 12:00:21] Processed: shop\Export\Jobs\ExportOrders",
    "process" => "shop\Export\Jobs\ExportOrders",
    "host" => "elasticsearch-vm",
    "status" => "Processed",
    "logtime" => "2018-03-28 12:00:21"
}
Please check your ES configuration again and make sure that this is not the reason for your empty output right now.