Unable to parse date in logstash getting _grokparsefailure in elasticsearch

Elastic Stack Logstash
1

I am using beats to read logs from my log file and log format is like:
2020-06-07T17:45:35.8964992Z|101|Info|136|ThreadPool|ValidationService.GetValidValueDate.LookupByCurrencyAndOwnersOfClientId

I tried many patterns but nothing works. Logstash is starting successfully but in kibana i am getting _grokparsefailure

My filter in logstash is:
filter {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:logtime} %{GREEDYDATA:message}" ]
}
date {
match => ["logtime", "yyyy-MM-dd'T'HH:mm:ss'.'SSSSSSS'Z'"]
timezone => "UTC"
target => "@timestamp"
}
}

2

It looks like your grok pattern has a space after the timestamp but the log format does not.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.