Syslog and Auth Logs DateParseFailure


I have the following date filter configuration to match both timestamps from syslog and auth logs:

date {
         locale => "en"
         match => [ "[system][syslog][timestamp]", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ] 

But it always returns _Dateparsefailure... I believe it is because the log timestamp format is:

Nov 2 10:10:10

Probably spacing troubles, but I can't overcome this error...
I tried this solution, but it didn't work for me:

Found the solution just with the following line config:

remove_field => "system.syslog.timestamp"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.