Logstash - Unable to match date pattern

pkaramol · July 3, 2018, 10:18am

I am using a json input to filter some data and sent it to elasticsearch;

sample document from input json file:

{"preview":false,"offset":0,"result":{"@timestamp":"2016-11-30T21:59:43.000Z","@version":"1","_raw":"{ ..}}

I want my corresponding elasticsearch event to have the exact same timestamp as above;

However the following :

  date {
    match => [ "[result][@timestamp]", "yyyy-MM-ddTHH:mm:ss.000Z" ]
    tag_on_failure => ["no_date_match"]
  }

yields

Exception", :message=>"Illegal pattern component: T"

Have also tried: "yyyy-MM-dd HH:mm:ss.000Z

but then I just get match failure.

Which pattern should I use?

pkaramol · July 3, 2018, 12:17pm

This seems to be working:

yyyy-MM-dd'T'HH:mm:ss.000Z

system · July 31, 2018, 12:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date format match Logstash	5	390	July 10, 2018
Logstash date filter, unable to match with pattern defined in a field Logstash	1	483	April 11, 2018
Date timestamp not matching Logstash	12	830	July 7, 2020
[FATAL] 2018-05-04 16:06:38.656 [LogStash::Runner] runner - The given configuration is invalid. Reason: Illegal pattern component: T when trying to parse date Logstash	4	1402	June 1, 2018
How to use date-filter-plugin? Logstash	4	4251	July 6, 2017