Hi.
We are seeing errors on malformed dateformats on our Logstash hosts even though we should be matching the pattern.
Logstash: 2.4
Elasticsearch: 2.4
The Logstash Config:
if [message] {
grok {
patterns_dir => [ "/etc/logstash/patterns/grok-patterns" ]
#Wildfly PHP Apache
match => { "message" => ["\A%{TIMESTAMP_ISO8601:logdate}",
"%{PHP_TIMESTAMP:logdate}",
"%{HTTPDATE:logdate}"]
}
}
}
date {
match => [ "logdate", "ISO8601", "yyyy/MM/dd HH:mm:ss", "dd-MMM-yyyy HH:mm:ss ZZZ", "dd/MMM/yyyy:HH:mm:ss Z" ]
add_tag => [ "date_modified" ]
}
The error data:
{:timestamp=>"2016-10-05T04:27:02.179000+0200", :message=>"Failed parsing date from field", :field=>"logdate", :value=>"2016-10-05 04:26:54", :exception=>"Invalid format: "2016-10-05 04:26:54" is malformed at "16-10-05 04:26:54"", :config_parsers=>"ISO8601,yyyy/MM/dd HH:mm:ss,dd-MMM-yyyy HH:mm:ss ZZZ,dd/MMM/yyyy:HH:mm:ss Z", :config_locale=>"default=en_US", :level=>:warn}
Have anyone experienced the same?