Problem in Parsing date

Debashis_Adak · March 16, 2018, 1:03pm

Hi,

I am facing an unique problem. I have a server in USA which is generating with timestamp like "<Mar 16, 2018 9:11:01 AM UTC>"

Can anyone tell me how to handle UTC part? The date is already in UTC and I don't want to change the date but logstash is changing it as the server is in USA.

Right Now I am doing like :

In grok : <%{DATA:Timestamp} UTC>

So here Timestamp = Mar 16, 2018 9:11:01 AM

Then:

date {
match => [ "Timestamp",
"MMM dd, YYYY KK:mm:ss aa",
"MMM d, YYYY KK:mm:ss aa" ]
target => "@timestamp"
timezone => "UTC"
}

Now sure how to handle "UTC".

Thanks & Regards,
Debashis Adak

Badger · March 16, 2018, 1:31pm

You do not need to specify the second one, it is implied by the first.

For the message "Mar 6, 2018 9:11:01 PM UTC"

  grok { match => { "message" => "%{DATA:Timestamp} UTC" } }
  date { match => [ "Timestamp", "MMM dd, YYYY KK:mm:ss aa" ] target => "@timestamp" timezone => "UTC" }

will produce

     "Timestamp" => "Mar 6, 2018 9:11:01 PM",
    "@timestamp" => 2018-03-06T21:11:01.000Z

What is the problem with that?

Topic		Replies	Views
How I can modify timestamp in log message to UTC Logstash	16	7602	July 6, 2017
Why my @timestamp shows wrong hour when overwritten? Logstash	3	418	December 26, 2021
Timezone offset parse issue Logstash	5	3098	May 15, 2018
Create Grok filter date Logstash	5	977	April 3, 2020
Timestamp question Logstash	3	620	July 6, 2017

Problem in Parsing date

Related topics