Hi All ,
I am trying to feed in the log from past date using GROK but the date picked in @timestamp is getting changed by some month & year offset.
Actual Date-2016-03-16 12:28:11AM
Time stamp in elasticsearch - "@timestamp": "2016-01-17T06:58:11.000Z",
Please let me know if I am missing something .
Config file grok part;-
grok {
match => { "message" => "%{DATESTAMP:timestamp}" }
}
date {
match => [ "timestamp", "yy-MM-DD HH:mm:ss" ]
}
Regards,
Prateek
Use yy-MM-dd, not yy-MM-DD. Quoting the Joda-Time documentation:
y year year 1996
D day of year number 189
M month of year month July; Jul; 07
d day of month number 10
Thanks a lot. It worked perfectly.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.