Logstash time filter not working

rijinmp · January 11, 2018, 11:13am

My CSV

xyz.com,1/1/2018 12:17:37 PM,62
xyz.com,7/15/2017 1:11:34 AM,62
xyz.com,7/15/2017 1:06:34 AM,62
xyz.com,7/15/2017 1:01:34 AM,78

Filter

filter {

csv {
separator => ","
columns => [
"URL",
"Date",
"Response"
]
}
date {
match => [ "Date","M/d/yyyy H:mm:ss" ]
target => "@timestamp"
}

}

Outpu

"Response" => "62",
"path" => "/home/elastic/elk/samplelog/urlresponse.csv",
"@timestamp" => 2018-01-11T10:45:21.323Z,
"@version" => "1",
"host" => "localhost.localdomain",
"message" => "xyz.com,1/1/2018 12:17:37 PM,62\r",
"URL" => "xyz.com",
"Date" => "1/1/2018 12:17:37 PM",
"tags" => [
[0] "_dateparsefailure"

CSV time id not filtering for @timestamp

i want to use CSV time ( "Date" => "1/1/2018 12:17:37 PM",) for indexing @timestamp.

paz · January 11, 2018, 2:53pm

Your date filter pattern is wrong, it's missing the AM/PM capture flag.

Also you might want to set a timezone on the date filter as well, else it will get your system's timezone and convert to UTC (so unless your system is also on UTC you could have offsets applied in your timestamp).

Try this:

filter {
    csv {
        separator => ","
        columns => ["URL","Date","Response"]
    }
    date {
        match => [ "Date","M/d/yyyy H:mm:ss a" ]
        timezone => "Etc/UTC"
        target => "@timestamp"
    }
}

rijinmp · January 16, 2018, 6:41am

Thank you @paz

system · February 13, 2018, 6:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Data filter not working properly Logstash	5	443	November 15, 2018
Date filter dosen't work Logstash	11	634	March 29, 2018
Logstash _dateparsefailure Logstash	4	415	August 31, 2018
@timestamp should match with aupm_timestamp is not working for me Logstash	9	1041	July 6, 2017
Logstash CSV filter - _dateparsefailure from string to date Logstash	3	398	April 1, 2021

Logstash time filter not working

My CSV

Filter

Outpu

Related topics