I am trying to replace @timestamp with actual logfile timestamp
i find it not working with change in pattern:
for instance: this works for 01/01/2016:
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss]
But not with 2016/01/01 format
date {
match => [ "timestamp", "YYYY/MM/dd HH:mm:ss" ]
target => "@timestamp"
add_field => { "debug" => "timestampMatched"}
test1 with: YYYY/MM/dd HH:mm:ss
:response=>{"create"=>{"_index"=>"logstash-2016.01.04", "_type"=>"Nginx-Error-Log", "id"=>"AVKta1qSTV0U2R-BZO-", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [timestamp]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: "2016/02/04 17:53:48" is malformed at "/02/04 17:53:48""}}}}, :level=>:warn}
test2 with: YYYY/MMM/dd HH:mm:ss
{:timestamp=>"2016-02-04T17:45:51.774000+0000", :message=>"Failed parsing date from field", :field=>"timestamp", :value=>"2016/02/04 17:45:44", :exception=>"Invalid format: "2016/02/04 17:45:44" is malformed at "02/04 17:45:44"", :config_parsers=>"YYYY/MMM/dd HH:mm:ss", :config_locale=>"en", :level=>:warn}
can anyone suggest how this should be matched?
