Libfy
March 20, 2016, 1:28pm
1
Hi,
I have an issue with Logstash.
All logs are prefixed with a wrong timestamp: the year is 2000.
The rest of the date is good.
Here is my output section from logstash.conf:
  output {
    elasticsearch {
      template_overwrite => true
      action => "index"
      hosts => ["localhost"]
      # index name is built from the event's @timestamp, so a wrong year
      # lands the event in a wrong index
      index => "logstash-%{+YYYYMMddHH00}"
      document_type => "event"
    }
    stdout {}
  }
And here is a sample from /var/log/logstash/logstash.stdout:
2000-03-20T13:22:20.000Z x.x.x.x true ;bla bla;bla bla bla;bla bla
2000-03-20T13:22:20.000Z x.x.x.x true ;bla bla;bla bla bla;bla bla
It worked perfectly before.
Many thanks for your help.
Libfy
What does the input and the rest of the configuration look like?
Libfy
March 20, 2016, 2:41pm
3
Hey,
thanks for your answer.
Here is the full conf file:
  input {
    syslog {
      type => csv
      port => 5544
    }
  }

  filter {
    csv {
      separator => ";"
      columns => ["tag","src_ip","ip_status","Threat","HostDom","AS","ASNAme","Note_VT","Last_View","URL_VT"]
    }
    geoip {
      source => "src_ip"
      target => "geoip"
      database => "/etc/logstash/GeoLiteCity.dat"
      # build a [lon, lat] array for a geo_point mapping
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
    }
    mutate {
      convert => [ "[geoip][coordinates]", "float" ]
    }
  }

  output {
    elasticsearch {
      template_overwrite => true
      action => "index"
      hosts => ["localhost"]
      index => "logstash-%{+YYYYMMddHH00}"
      document_type => "event"
    }
    stdout {}
  }
And here is the input from another server, through syslog:
true ;x.x.x.x;DOWN;XXXXX;XX;16276;XXXXXXXX;XXX;xxxx;XXXXX
Libfy
March 20, 2016, 2:58pm
4
Hey,
I think I found the solution: just add locale => fr in the input section. And it works now.
Thanks for your help.
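Added example, not from the thread or from Logstash itself: the syslog input's `locale` option that the poster set controls how the month name in an RFC 3164 timestamp ("Mar 20 13:22:20", or "mars 20 13:22:20" from a French-locale sender) is parsed, and RFC 3164 timestamps carry no year at all, so the year has to be defaulted. Joda-Time, which Logstash used for date parsing at the time, defaults a missing year to 2000 unless the caller supplies one, which is the year the poster saw. The Python below reimplements that parsing step to show both effects on the `logstash-%{+YYYYMMddHH00}` index name: an English month table rejects a French month name, and a fixed default year files the event under 2000 while a current-year default files it correctly. Why it matters for a log pipeline: events misdated by 16 years fall outside the index you alert and search on and are aged out by retention before anyone looks at them. The sample lines, the French month list and the prefix-matching rule are constructed assumptions, not Logstash's code.

```python
import re
from datetime import datetime, timezone

# Month names for the two locales in the thread. Tokens are matched by
# unique prefix (after stripping a trailing dot) so abbreviations such as
# "Mar", "févr." or "avr." resolve. Assumption: the French sender writes
# French month names; the thread only shows the English-dated output.
MONTH_NAMES = {
    "en": ["january", "february", "march", "april", "may", "june", "july",
           "august", "september", "october", "november", "december"],
    "fr": ["janvier", "février", "mars", "avril", "mai", "juin", "juillet",
           "août", "septembre", "octobre", "novembre", "décembre"],
}

# Joda-Time's DateTimeFormatter default when a pattern has no year field.
JODA_DEFAULT_YEAR = 2000

# RFC 3164 header: optional <PRI>, month name, day, HH:MM:SS, then the rest.
SYSLOG_RE = re.compile(
    r"^(?:<\d{1,3}>)?"
    r"(?P<mon>\S+)\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<rest>.*)$"
)


def month_number(token: str, locale: str) -> int:
    """Resolve a month token (e.g. 'Mar', 'mars', 'févr.') to 1..12 in the
    given locale; raise ValueError if it is unknown or ambiguous."""
    name = token.rstrip(".").lower()
    if len(name) < 3:
        raise ValueError(f"month token too short: {token!r}")
    hits = [i for i, full in enumerate(MONTH_NAMES[locale], start=1)
            if full.startswith(name)]
    if len(hits) != 1:
        raise ValueError(f"month {token!r} not recognised in locale {locale!r}")
    return hits[0]


def parse_syslog_timestamp(line: str, locale: str = "en", year: int = None):
    """Parse an RFC 3164 line into (aware UTC datetime, message remainder).

    The header has no year, so `year` is supplied by the caller; None means
    'current year', which is what a correctly configured pipeline should use.
    Assumption: the sender's clock is UTC, as the poster's output suggests.
    """
    match = SYSLOG_RE.match(line)
    if not match:
        raise ValueError(f"not an RFC 3164 line: {line!r}")
    if year is None:
        year = datetime.now(timezone.utc).year
    ts = datetime(year, month_number(match["mon"], locale), int(match["day"]),
                  int(match["h"]), int(match["m"]), int(match["s"]),
                  tzinfo=timezone.utc)
    return ts, match["rest"]


def index_name(ts: datetime) -> str:
    """Equivalent of the poster's index => "logstash-%{+YYYYMMddHH00}"."""
    return f"logstash-{ts:%Y%m%d%H}00"


def route(line: str, locale: str, year: int = None):
    """Index the event would land in, or None when the timestamp fails to parse
    (the syslog input would then keep the raw line and tag a parse failure)."""
    try:
        ts, _ = parse_syslog_timestamp(line, locale, year)
    except ValueError:
        return None
    return index_name(ts)


# Constructed sample lines modelled on the thread's CSV payload.
SAMPLE_EN = "<13>Mar 20 13:22:20 sender true ;x.x.x.x;DOWN;XXXXX;XX;16276;XXXXXXXX;XXX;xxxx;XXXXX"
SAMPLE_FR = "<13>mars 20 13:22:20 sender true ;x.x.x.x;DOWN;XXXXX;XX;16276;XXXXXXXX;XXX;xxxx;XXXXX"

if __name__ == "__main__":
    for label, line, loc, yr in [
        ("english month, en locale, current year", SAMPLE_EN, "en", None),
        ("french month, en locale (mismatch)", SAMPLE_FR, "en", None),
        ("french month, fr locale, current year", SAMPLE_FR, "fr", None),
        ("french month, fr locale, Joda default year", SAMPLE_FR, "fr", JODA_DEFAULT_YEAR),
    ]:
        print(f"{label:45s} -> {route(line, loc, yr)}")
```

Run it and compare the last two lines: the same event goes to the right hourly index with a current-year default and to a `logstash-2000...` index with a fixed one. In the real pipeline the second case also throws off the date-based index rollover and any retention policy keyed on index name.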