Problems parsing time in logstash with date filter

anchasis · December 29, 2017, 12:12pm

I have a problem parsing a timestamp of the format "2017-06-28T10:28:18.000Z". It should match both
"ISO8601" and "YYYY-MM-dd'T'HH:mm:ss.SSS'Z'" but apparently it doesn't. All other formats get parsed correctly

I tried everything but it doesn't get converted to timestamp type. I use this filter:

date {
    match => [
        "custom_time_field",
        "YYYY-MM-dd HH:mm:ss.SSS",
        "YYYY-MM-dd HH:mm:ss.SS",
        "YYYY-MM-dd HH:mm:ss.S",
        "YYYY-MM-dd HH:mm:ss",
        "YYYY-MM-dd'T'HH:mm:ss.SSS'Z'",
        "YYYY-MM-dd'T'HH:mm:ss.SS'Z'",
        "YYYY-MM-dd'T'HH:mm:ss.S'Z'",
        "YYYY-MM-dd'T'HH:mm:ss'Z'",
        "ISO8601"
    ]
    target => 'custom_time_field_time'
}

I am out of idea's. Anyone that can give me a pointer would be very helpful

anchasis · December 29, 2017, 3:04pm

Solution found,

in the filter section there was also a

convert => {
...
}

filter that tried to convert that field to date_time type. I guess this must have caused a race condition in some cases with the date filter

system · January 26, 2018, 3:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need a date parser for my custom date fielsd Logstash	3	1263	July 6, 2017
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27371	July 6, 2017
Problem with Logstash date parse Logstash	3	1479	August 30, 2019
Parsing date format error Logstash	3	761	October 24, 2018
Log timestamp is not getting through date filter getting date_time_parse_exception Logstash	18	1622	August 13, 2022

Problems parsing time in logstash with date filter

Related Topics