Wrong Timestamp

Elastic Stack Logstash
1

Hi,

I have an issue with logstash.

all logs are prefixed with a wrong timestamp: the year is 2000.
The rest of the date is good.

here is my output section from logstash.conf:

output {
elasticsearch {
template_overwrite => "true"
action => "index"
hosts => "localhost"
index => "logstash-%{+YYYYMMddHH00}"
document_type => "event"
}
stdout {}
}

and here is a sample in /var/log/logstash/logstash.stdout

2000-03-20T13:22:20.000Z x.x.x.x true ;bla bla;bla bla bla;bla bla
2000-03-20T13:22:20.000Z x.x.x.x true ;bla bla;bla bla bla;bla bla

it worked perfectly before.

Many thanks for your help.

Libfy

2

What does the input and the rest of the sonfiguration look like?

3

Hey,

thanks for your answer.

Here is the full conf file:

input {
syslog {
type => csv
port => 5544
}

}

filter {
csv {
separator => ";"
columns => ["tag","src_ip","ip_status","Threat","HostDom","AS","ASNAme","Note_VT","Last_View","URL_VT"]
}

geoip {
source => "src_ip"
target => "geoip"
database => "/etc/logstash/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float"]
}

}

output {
elasticsearch {
template_overwrite => "true"
action => "index"
hosts => "localhost"
index => "logstash-%{+YYYYMMddHH00}"
document_type => "event"
}
stdout {}
}

And here is the input from another server, though syslog:

true ;x.x.x.x;DOWN;XXXXX;XX;16276;XXXXXXXX;XXX;xxxx;XXXXX

4

Hey,

I think I found the solution: just add locale => fr in the input section. And it works now.

Thanks for your help.