Hi all,
I'm facing a really weird issue parsing the date from an access log that doesn't use standard ISO8601 format but one that looks like: [08/Sep/2020:18:39:23 +0200]
I captured the group with a simple grok in a field called "t_stamp" and then applied this date filter:
date { match => ["t_stamp", "dd/MMM/yyyy:hh:mm:ss Z"] }
Problem is that this works only in about 1/3 of the logs, the rest are indexed with a _dateparsefailure error:
Log correctly parsed
Log incorrectly parsed.
Since all the strings, option and fields seems the same I really cannot understand why this error. Any clue?