Time outside range and possible syntax error with logstash-influxdb plugin

naveenrt23 · June 5, 2019, 3:07pm

Hi,

I have been trying to send data from logstash to influxdb through output inlfluxdb plugin and i see parsing error and time out of range error

Non recoverable exception while writing to InfluxDB {:exception=>#<InfluxDB::Error: {"error":"unable to parse 'requests,clientip=10.106.000.96,repo=api resource=\"/api\token\",resource_name=\"token\",requesttype=\"REQUEST\",method=\"GET\",statuscode=\"200\",username=\"anonymous\",bytes=0i,host=\"SARI-M-C5\",resource_path=\"docker/docker-login/v2/token\",duration=5i,path=\"/test-arti.log\",resource_type=\"docker/token\" 1558726205000000000': time outside range -9223372036854775806 - 9223372036854775806"}

FILTERS:

Grok,mutate and data filters

    grok {
        # Enable multiple matchers
        break_on_match => false

        match => { "message" => "%{DATA:timestamp_local}\|%{NUMBER:duration}\|%{WORD:requesttype}\|%{IP:clientip}\|%{DATA:username}\|%{WORD:method}\|%{DATA:resource}\|%{DATA:protocol}\|%{NUMBER:statuscode}\|%{NUMBER:bytes}" }

        # Extract repo and path
        match => { "resource" => "/%{DATA:repo}/%{GREEDYDATA:resource_path}"}

        # Extract resource name
        match => { "resource_path" => "(?<resource_name>[^/]+$)" }

        # Extract file extension
        match => { "resource_path" => "(?<resource_type>[^.]+$)" }
      }
 #Parse date field
  date {
    timezone => "UTC"
    match => [ "timestamp_local" , "yyyyMMddHHmmss" ]
    target => "timestamp_object"
  }
  mutate{
  add_field => { "time" => "%{time}"}
  }

ruby {
code => "event.set('timestamp', event.get('timestamp_object').to_i * 1000);
event.set('time',event.get('timestamp_object').to_i*1000000000)"
}

system · July 3, 2019, 3:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.