Hi,
I am unable to convert this string "03/31/2023 03:15 AM PDT" to date when using logstash date filter. Getting error dateparse failure.
I am using below script
date {
match => [ "start_time", "mm/dd/yyyy HH:mm Z","MMM d yyyy HH:mm:ss", "ISO8601" ]
target => "start_date"
Thanks
PDT is ambiguous. You are missing an "a" to consume the AM/PM, you have a timezone id (ZZZ) not a numeric offset, you want either hh or KK rather than HH, and months are MM (mm are minutes).
mutate { gsub => [ "message", "PDT", "PST8PDT" ] }
date { match => [ "message", "MM/dd/yyyy hh:mm a ZZZ" ] target => "start_date" }
will produce
"message" => "03/31/2023 03:15 AM PST8PDT",
"start_date" => 2023-03-31T10:15:00.000Z
Still getting the below error
"start_time" => "03/30/2023 11:35 PM PDT",
"tags" => [
[0] "_dateparsefailure"
],
Here is my input section `filter {
csv {
skip_header => "true"
columns => [ "name","project_name","execution_source","requested_at","start_time","end_time","duration(sec)","status","execution_uid","workflow_uid" ]
}
mutate {
convert => ["duration(sec)", "float"]
remove_field => ["message","host","path","@version","@timestamp"]
}
mutate {
gsub => [ "message", "PDT", "PST8PDT" ] }
date {
match => [ "start_time", "MM/dd/yyyy hh:mm a ZZZ" ]
target => "start_date" }
}`
It worked but its showing 5 hours back time in date.
5 hours back from what? The start_date field will always be UTC, so today it will be 7 hours ahead of PDT.
In csv file time is 5am and in elastic its showing 10am
That would be expected if your server were in (for example) Asia/Karachi. If you need to tell the date filter what timezone the data in the csv is in then use the timezone option.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.