Syslog and Auth Logs DateParseFailure


(Miguel Leite) #1

Hello,

I have the following date filter configuration to match both timestamps from syslog and auth logs:

date {
    locale => "en"
    match => [ "[system][syslog][timestamp]", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
}

But it always returns _dateparsefailure... I believe it is because the log timestamp format is:

Nov 2 10:10:10

Probably spacing troubles, but I can't overcome this error...
I tried this solution, but it didn't work for me: https://discuss.elastic.co/t/date-filter--dateparsefailure-solved/64692/11


(Miguel Leite) #2

Found the solution with just the following config line:

remove_field => "system.syslog.timestamp"
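
A self-contained pipeline for reproducing the date parsing discussed in this thread without live logs. It is an added example, not configuration posted by anyone in the thread. The sample log lines (hosts, users, documentation-range IPs) are constructed, and the grok stage and the third pattern "MMM d HH:mm:ss" are assumptions added so that each day-padding variant can be checked.

```logstash
input {
  generator {
    # Constructed sample lines: space-padded day, single-space day, two-digit day
    lines => [
      "Nov  2 10:10:10 host1 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
      "Nov 2 10:10:10 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
      "Nov 12 10:10:10 host1 sshd[1300]: Failed password for invalid user test from 198.51.100.7 port 40000 ssh2"
    ]
    count => 1
  }
}

filter {
  # Populate the nested field that the date filter reads.
  # SYSLOGTIMESTAMP accepts one or more spaces between month and day.
  grok {
    match => {
      "message" => "%{SYSLOGTIMESTAMP:[system][syslog][timestamp]} %{GREEDYDATA:[system][syslog][message]}"
    }
  }

  date {
    locale => "en"
    # Patterns are tried in order; the first one that parses sets @timestamp.
    match => [
      "[system][syslog][timestamp]",
      "MMM  d HH:mm:ss",
      "MMM dd HH:mm:ss",
      "MMM d HH:mm:ss"
    ]
    # Applied only when parsing succeeds, so a failed event keeps the raw
    # value next to its _dateparsefailure tag for inspection.
    remove_field => [ "[system][syslog][timestamp]" ]
  }
}

output {
  # Print each event in full: check @timestamp, tags and any leftover timestamp field.
  stdout { codec => rubydebug }
}
```

In the output, an event that still contains `[system][syslog][timestamp]` and carries the `_dateparsefailure` tag is one that none of the listed patterns matched.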

