Problem in Parsing date

Debashis_Adak · March 16, 2018, 1:03pm

Hi,

I am facing an unique problem. I have a server in USA which is generating with timestamp like "<Mar 16, 2018 9:11:01 AM UTC>"

Can anyone tell me how to handle UTC part? The date is already in UTC and I don't want to change the date but logstash is changing it as the server is in USA.

Right Now I am doing like :

In grok : <%{DATA:Timestamp} UTC>

So here Timestamp = Mar 16, 2018 9:11:01 AM

Then:

date {
match => [ "Timestamp",
"MMM dd, YYYY KK:mm:ss aa",
"MMM d, YYYY KK:mm:ss aa" ]
target => "@timestamp"
timezone => "UTC"
}

Now sure how to handle "UTC".

Thanks & Regards,
Debashis Adak

Badger · March 16, 2018, 1:31pm

You do not need to specify the second one, it is implied by the first.

For the message "Mar 6, 2018 9:11:01 PM UTC"

  grok { match => { "message" => "%{DATA:Timestamp} UTC" } }
  date { match => [ "Timestamp", "MMM dd, YYYY KK:mm:ss aa" ] target => "@timestamp" timezone => "UTC" }

will produce

     "Timestamp" => "Mar 6, 2018 9:11:01 PM",
    "@timestamp" => 2018-03-06T21:11:01.000Z

What is the problem with that?

system · April 13, 2018, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help parsing [06/Sep/2017:10:57:42 -0400] Logstash	24	4775	October 10, 2017
@timestamp not matching date parsed, apache logs Logstash	3	2799	July 6, 2017
Unable to write matching date pattern in log stash Logstash	8	2212	July 6, 2017
Logstash Date parsing error Logstash	12	407	April 1, 2022
How can I change the @timestamp match my timestamp? Logstash	3	737	July 6, 2017

Problem in Parsing date

Related topics