Logstash time filter not working


(Rijin) #1

My CSV

xyz.com,1/1/2018 12:17:37 PM,62
xyz.com,7/15/2017 1:11:34 AM,62
xyz.com,7/15/2017 1:06:34 AM,62
xyz.com,7/15/2017 1:01:34 AM,78

Filter

filter {
    csv {
        separator => ","
        columns => [
            "URL",
            "Date",
            "Response"
        ]
    }
    date {
        match => [ "Date","M/d/yyyy H:mm:ss" ]
        target => "@timestamp"
    }
}

Output

"Response" => "62",
"path" => "/home/elastic/elk/samplelog/urlresponse.csv",
"@timestamp" => 2018-01-11T10:45:21.323Z,
"@version" => "1",
"host" => "localhost.localdomain",
"message" => "xyz.com,1/1/2018 12:17:37 PM,62\r",
"URL" => "xyz.com",
"Date" => "1/1/2018 12:17:37 PM",
"tags" => [
[0] "_dateparsefailure"

CSV time is not filtering for @timestamp

I want to use the CSV time ( "Date" => "1/1/2018 12:17:37 PM",) for indexing @timestamp.


(Paris Mermigkas) #2

Your date filter pattern is wrong, it's missing the AM/PM capture flag.

Also you might want to set a timezone on the date filter as well, else it will get your system's timezone and convert to UTC (so unless your system is also on UTC you could have offsets applied in your timestamp).

Try this:

filter {
    csv {
        separator => ","
        columns => ["URL","Date","Response"]
    }
    date {
        # h = clock hour 1-12, paired with the a (AM/PM) marker; H would be hour of day 0-23
        match => [ "Date","M/d/yyyy h:mm:ss a" ]
        timezone => "Etc/UTC"
        target => "@timestamp"
    }
}
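
An added example, not part of the thread or either poster's config: a self-contained pipeline for checking the date pattern against the sample rows before pointing it at real data. It uses `h` (12-hour clock hour) with the `a` marker and routes events that fail parsing to a separate file, since a failed event keeps its ingestion time in @timestamp, as in the output above. The stdin input, the file names and the `/tmp/date_failures.log` path are assumptions chosen for illustration.

```logstash
# Added example: test harness for the date pattern discussed in this thread.
# Run: bin/logstash -f date_check.conf < urlresponse.csv   (file names assumed)
input {
    stdin { }
}

filter {
    csv {
        separator => ","
        columns => ["URL","Date","Response"]
    }
    # The sample event's message ends in "\r"; strip whitespace so it cannot reach the parser.
    mutate {
        strip => ["Date","Response"]
    }
    date {
        # h = clock hour 1-12, a = AM/PM marker
        match => [ "Date","M/d/yyyy h:mm:ss a" ]
        timezone => "Etc/UTC"
        target => "@timestamp"
        # Default tag, stated explicitly so the conditional below is self-documenting.
        tag_on_failure => ["_dateparsefailure"]
    }
}

output {
    if "_dateparsefailure" in [tags] {
        # @timestamp here is ingestion time, not event time: keep these out of the index.
        file {
            path => "/tmp/date_failures.log"
        }
    } else {
        stdout { codec => rubydebug }
    }
}
```

Any line that lands in the failures file is a row the pattern does not cover, which is worth catching before the data is used to build a timeline.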

(Rijin) #3

Thank you @paz

:slight_smile:


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.