The day of date is always one in kibana and different that elastic search

Elastic Stack Logstash
1

Hi, the day of date in kibana is showing always 1 , regardless of the date in my log or in Elasticsearch.
i am using elk docker-compose with the latest version.
my logstash config:
grok {
match => { "message" =>
[
"^%{TIMESTAMP:rtimestamp}%{SPACE}%{DIGIT:PID}%{SPACE}%{DIGIT:TID}%{SPACE}%{LETTER:log-level}%{SPACE}%{GREEDYDATA}"
]
} # match of msg
} # end of grok
pattern file:
DIGIT \d+
TIMESTAMP \d\d-\d\d \d\d:\d\d:\d\d.\d\d\d

in kibana discover the field rtimestamp is showing always 1 as day in the date, instead of 14

image
image1226×344 24.8 KB

in the dev console showing the right day of date:

image
image1547×541 54.3 KB

the data view in kibana showing with correct sample 03-14
image
image1501×879 111 KB

my advanced settings:
image
image1468×371 39.1 KB

2

Try little d for your format. MM-dd HH:mm:ss.SSSS. Capital D is Day of Year and little d is Day of Month. Docs.

3

it didnt work with dd
it show the day name:
image

with one d it showing one number...
do you think its a bug?

4

i found the error, it was the mapping format in Elasticsearch , it was MM-DD but it should be MM-dd
but in kibana settings its correct MM-DD

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.