I am currently running a script across my network that parses Windows event logs.
It stores the "SystemTime" in a CSV for me. The time should look something like the following: "2017-12-21T04:59:51.667607100Z". I am currently using "SystemTime" as the Time Filter Field.
I am parsing the CSVs using the CSV filter in logstash 6.1.1.
It has been working correctly in controlled environments, and creating index patterns was working as intended. Once I started using larger data sets, I ran into an issue where the SystemTime column was not being saved correctly in the CSV. I cannot look for errors in Logstash because Logstash is simply saving SystemTime as a string.
My question is, is there a way to drop, or tag, these lines being read, if the SystemTime is not one of the approved Time Filters? I have not found an updated Time Filter standard since 2015, at the time they were:
"Joda-Time tokens plus the Logstash-specific ISO8601, UNIX, UNIX_MS, and TAI64N tokens" -- Source: user magnusbaeck, post "Date filter recognizing custom grok pattern?"
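One way to get the drop-or-tag behaviour described above is to let Logstash's date filter do the validation: it parses SystemTime against ISO8601 (which covers the nine-digit fractional seconds in the sample value), and when the value does not match, it leaves @timestamp untouched and adds the tag `_dateparsefailure` (the default for `tag_on_failure`). A conditional on that tag can then drop the event, or keep it tagged for later review. This pipeline is an added example, not from the original post; the file path and the CSV column names are assumptions.

```logstash
input {
  file {
    # Assumed location of the CSV files produced by the collection script.
    path => "/var/log/eventlog-export/*.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  csv {
    # Assumed column layout; adjust to the columns the script actually writes.
    columns => ["SystemTime", "EventID", "Computer", "Message"]
  }

  date {
    # Only ISO8601 values like 2017-12-21T04:59:51.667607100Z are accepted.
    match => ["SystemTime", "ISO8601"]
    target => "@timestamp"
    # Default value, written out explicitly: rows that do not parse get this tag.
    tag_on_failure => ["_dateparsefailure"]
  }

  if "_dateparsefailure" in [tags] {
    # Option 1: discard rows whose SystemTime is not a valid ISO8601 value.
    drop { }

    # Option 2 (instead of drop): keep the row but mark it so it can be found
    # in Kibana and fixed at the source.
    # mutate { add_tag => ["bad_systemtime"] }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    # Assumed index name.
    index => "winevents-%{+YYYY.MM.dd}"
  }
}
```

Because @timestamp is set from SystemTime by the date filter, the index pattern can use @timestamp as the time filter field rather than the raw string column, so malformed rows can no longer break the time filter. The tag-only variant is the safer default while the root cause of the malformed column is being tracked down, since it preserves the evidence of which rows were bad.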