Logstash @timestamp field wrong?

stefansaye · April 28, 2016, 5:53am

when i using syslog plugin to run logstash with my configuration ,
get the wrong @timestamp ,
it's show 2000 ???

 "@timestamp" => "2000-04-28T08:08:24.000Z"

Any help here?

magnusbaeck · April 28, 2016, 7:41pm

What's the input string and what does your date filter look like?

stefansaye · April 29, 2016, 12:17am

input string is syslog,
"<189>Apr 28 17:23:54 NY-la 23205521: PP/0/RPP1/CPU0:Apr 28 17:26:58.922 : msdp[1051]: %ROUTING-MSDP-5-INIT_STDBY_PEER_UP_DOWN : MSDP peer up: 1.2.3.4 11111 Session has been successfully replicated! , PP/0/PPP1/CPU0:Apr 28 17:26:58.922 : msdp[1051]: %ROUTING-MSDP-5-INIT_STDBY_PEER_UP_DOWN : MSDP peer up: 1.2.3.4 11111 Session has been successfully replicated! "

conf as follow,

input {
  syslog{
      }
 }

i didn't set any date filter

magnusbaeck · April 29, 2016, 5:28am

That's weird. The syslog input uses a date filter internally, but it should default to the current year. I don't understand what the year 2000 comes from.

Topic		Replies	Views
Wrong Timestamp Logstash	4	1344	July 6, 2017
Can logstash use syslog time as @timestamp Logstash	2	583	March 6, 2020
Logstash Syslog @timestamp incorrect Logstash	9	1930	March 5, 2019
Syslog timestamp format? Logstash	8	21839	July 6, 2017
Syslog filter issue with timestamp Logstash	13	1852	January 3, 2022

Logstash @timestamp field wrong?

Related topics