Unable to parse timestamp

HI Team,
I am working on some logs which looks something like below

2018-09-02 23:02:18,358|[[ACTIVE] ExecuteThread: '15' for queue: 'weblogic.kernel.Default (self-tuning)']|ERROR|GlobalExceptionMapper|Unknown|Unknown|Unknown|Unknown|Unknown|HTTP 405 Method Not Allowed
javax.ws.rs.NotAllowedException: HTTP 405 Method Not Allowed

and my logstash conf file as below

filter {
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:weblogtime}\|%{DATA:ThreadDetails}\|%{LOGLEVEL:webtrace}\|%{DATA:loggerclass}\|%{URIPATHPARAM:ServiceURL}\|%{DATA:UserId}\|%{DATA:SessionId}\|%{DATA:TransactionsId}\|%{DATA:ErrorCode}\|%{GREEDYDATA:defaultlogmessage}" }
        }
      date {
        match => [ "weblogtime" , "ISO8601"]
        target => @timestamp
          }
      mutate {
        remove_field => [ "message" ]
          }
}

I am getting constant dateparsefailure for the above conf,i have find the right match and overwrite with @timestamp.

Your configuration looks correct. If the date filter fails to parse a string and tags it with _dateparsefailure there should be something about it in the Logstash log.

Yes, I strongly believe that configuration is close enough but there are two big problems which i wanted to highlight here..

I am getting some grokparsefailures which is very strange and i have very high parse success rate, so am dropping the failed ones here..

I am not getting the below picture while creating index in kibana..

image.png1100×176 6.1 KB

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.