I'm trying to parse the timestamp from our Traffic Server diags log with Filebeat.
[Feb 11 15:31:05.152] Server {0x2ae10580cd40} NOTE: ssl_multicert.config done reloading!
[Feb 11 15:31:05.340] Server {0x2ae10580cd40} NOTE: traffic server running
I'm using this dissect filter to extract the timestamp (that works just fine):
    processors:
      - dissect:
          tokenizer: '[%{logtime}]'
          target_prefix: ''
Then I'm trying to use the timestamp processor, but after a few tries it keeps failing and I'm not exactly sure how to fix it.
      - timestamp:
          field: logtime
          layouts:
            - 'Feb 11 07:04:26.515'
            - StampMilli
          test:
            - 'Feb 11 07:04:26.515'
The result is like this:
Feb 11 15:38:59 cdn1cdmid0001 filebeat: 2020-02-11T15:38:59.021Z#011INFO#011instance/beat.go:435#011filebeat stopped.
Feb 11 15:38:59 cdn1cdmid0001 filebeat: 2020-02-11T15:38:59.021Z#011ERROR#011instance/beat.go:916#011Exiting: Error while initializing input: failed to parse test timestamp: failed parsing time field logtime='Feb 11 07:04:26.515'
Feb 11 15:38:59 cdn1cdmid0001 filebeat: Exiting: Error while initializing input: failed to parse test timestamp: failed parsing time field logtime='Feb 11 07:04:26.515'
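The timestamp processor's `layouts` are Go `time` layouts, which have to be written with Go's reference time (`Jan 2 15:04:05 2006`) rather than with a sample value. The following Go program is an added example, not part of the original post and not Filebeat's own code: it parses a diags line from the post with the layout from the config and with the reference-time spelling of the same format. The function names and the year 2020 (the diags timestamp carries no year) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// userLayout is the layout from the post: a sample timestamp, not Go's reference time.
const userLayout = "Feb 11 07:04:26.515"

// goLayout spells the same format with the reference time; it equals time.StampMilli.
const goLayout = "Jan _2 15:04:05.000"

// extractLogtime returns the text between the leading '[' and the first ']',
// mirroring the dissect tokenizer '[%{logtime}]' from the post.
func extractLogtime(line string) (string, bool) {
	if !strings.HasPrefix(line, "[") {
		return "", false
	}
	end := strings.IndexByte(line, ']')
	if end < 0 {
		return "", false
	}
	return line[1:end], true
}

// parseLogtime parses value with layout in UTC. The layout has no year element,
// so Go yields year 0; the caller supplies the year to use (an assumption here).
func parseLogtime(layout, value string, year int) (time.Time, error) {
	ts, err := time.ParseInLocation(layout, value, time.UTC)
	if err != nil {
		return time.Time{}, err
	}
	if ts.Year() == 0 {
		ts = time.Date(year, ts.Month(), ts.Day(), ts.Hour(), ts.Minute(),
			ts.Second(), ts.Nanosecond(), time.UTC)
	}
	return ts, nil
}

func main() {
	// Sample line copied from the post.
	line := "[Feb 11 15:31:05.152] Server {0x2ae10580cd40} NOTE: traffic server running"
	logtime, _ := extractLogtime(line)
	for _, layout := range []string{userLayout, goLayout} {
		ts, err := parseLogtime(layout, logtime, 2020)
		fmt.Printf("layout %q -> %v (err: %v)\n", layout, ts, err)
	}
}
```

In the Filebeat config this corresponds to a `layouts` entry of `'Jan _2 15:04:05.000'`, with the `test` value left as the sample timestamp.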