@timestamp field is not converting PM time to correct UTC

Hi,

In our logs, we have our date time as below and trying to set the same to timestamp field in logstash. It's giving correct UTC time for AM timings but not converting to right UTC time for PM timings.

Logs : the below data is mapped as Date, Time, half-day using grok filter.
//
03/11/20 09:36:58 AM

03/11/20 09:36:58 PM

03/11/20 02:08:31 PM
//

Our logstash config has :
//
If [halfday] =~ /[AP]M/ {
mutate { add_field ==> [ "ts" , "%{date} %{time} %{halfday}" ] }
} else {
mutate { add_field ==> ["ts" , "%{date} %{time}" ] }
}
If [ts] =~ /date/ {
drop { }
}
date {
match => [ "ts" , "MM/dd/yy HH:mm:ss a" ]
target => "@timestamp"
}
//

For ex : for NY time --> 08:45:42 PM and 08:45:42 AM, timestamp shows as "13:45:42.000Z" for both.
So, for PM time, timestamp is not converting to the right UTC time.

Any help in this is usefull. Thanks in advance.

Regards, Vinutha

Hi there,

first of all please try to properly format your message before posting or it'll be unreadable.

Anyway, try with

date {
  match => [ "ts" , "MM/dd/yy hh:mm:ss a" ]
  target => "@timestamp"
}

Thank you @Fabio-sama, it worked.

No problem. Just mark it as a solution so future readers will see this thread has been solved. ù

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.