Parsing Failed for multiline starts with dd MMM yyyy HH:mm:ss,SSS

Anuj_Rajput · May 7, 2018, 1:47pm

Parsing Failed for multiline starts with dd MMM yyyy HH:mm:ss,SSS
Sample log : 06 May 2018 18:25:01,021 Some Multiline Text
Below configuration is used
input {
file {
path => "/Some/Loactions/*.log"
type => "api_access"
codec => multiline {
pattern => "^{TIMESTAMP_ISO8601:timestamp} "
negate => true
what => "previous"
}
date {
"match" => [ "timestamp", "dd MMM yyyy HH:mm:ss,SSS" ]
target => "@timestamp"
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

magnusbaeck · May 8, 2018, 7:46pm

That's not an ISO8601 date so don't use the TIMESTAMP_ISO8601 pattern. Also, the multiline codec isn't a grok filter so you can't create new fields with it.

system · June 5, 2018, 7:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiline filter and dateparse issue in production Logstash	12	3285	July 6, 2017
Logstash grok filter Logstash	3	474	March 23, 2017
Multiline pattern for date is not working Logstash	1	235	April 2, 2020
Dateparsefailure for "yyyy-MM-dd-HH:mm:ss.SSSZZ" format Logstash	3	2429	September 19, 2018
message=>"Failed parsing date from field", :field=>"timestamp", :value=>"2016-09-14 15:43:48.258000", :exception=>"Invalid format: \"2016-09-14 15:43:48.258000\"", Logstash	3	1320	July 6, 2017

Parsing Failed for multiline starts with dd MMM yyyy HH:mm:ss,SSS

Related topics