Hi,
The date-timestamp column "time" in my log looks like: 09-FEB-18 05.32.53.045598000 AM
With the below configuration in logstash, I am getting dateparse failure:
date {
match => [ "time", "dd-MMM-yy HH.mm.ss.SSSSSSSSS a" ]
}
Please suggest on how this Month name in UPPERCASE can be handled?
I tried it out in Logstash 6.2 and was not able to reproduce it:
input {
generator {
lines => ['09-FEB-18 05.32.53.045598000 AM']
count => 1
}
}
filter {
date {
match => [ "message", "dd-MMM-yy HH.mm.ss.SSSSSSSSS a" ]
}
}
output {
stdout { codec => rubydebug }
}
Resulted in:
{
"message" => "09-FEB-18 05.32.53.045598000 AM",
"@timestamp" => 2018-02-09T05:32:53.045Z,
"@version" => "1",
"sequence" => 0,
"host" => "localhost"
}
Are you sure your time field contain the correct data?
Hi,
In the DB, if the time column type is 'varchar()', then it is working.
But giving "dateparsefailure" if the column type is 'timestamp'.
please suggest.
Have you tried converting your timestamp to either integer or string with a mutate filter? I can't test it right now, but if that gives you useful results, you could parse the string with your date format pattern or use UNIX_MS to transform the integer value.
Hi,
converting to a string and then using the date filter worked. Thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.