Syslog and Auth Logs DateParseFailure

Miguel_Leite · November 5, 2018, 9:53am

Hello,

I have the following date filter configuration to match both timestamps from syslog and auth logs:

date {
         locale => "en"
         match => [ "[system][syslog][timestamp]", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ] 
}

But it always returns _Dateparsefailure... I believe it is because the log timestamp format is:

Nov 2 10:10:10

Probably spacing troubles, but I can't overcome this error...
I tried this solution, but it didn't work for me: https://discuss.elastic.co/t/date-filter--dateparsefailure-solved/64692/11

Miguel_Leite · November 5, 2018, 10:07am

Found the solution just with the following line config:

remove_field => "system.syslog.timestamp"

system · December 3, 2018, 10:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dateparsefailure - Mac Syslogs Logstash	3	333	June 4, 2018
Logstash - Syslog Timestamp Logstash	2	131	March 19, 2024
Logstash _dateparsefailure Logstash	4	415	August 31, 2018
Date parsing logstash Logstash	5	183	January 30, 2024
_dataparsefailure in tags Logstash	9	1475	October 22, 2019