search

logstash-plugins / logstash-filter-date

Apache License 2.0
7 stars 43 forks source link

Date filter only works on exact string match #106

Closed reiz closed 7 years ago

reiz commented 7 years ago

Here my setup:

My test.conf: 

input { stdin {} }
output { stdout { codec => rubydebug } }
filter {
  date {
    match => ["message", "MMM dd HH:mm:ss yyyy"]
    target => "logstamp"
  }
}

If I run this command here, it works fine: 

echo 'Jul 02 23:59:49 2017' | /usr/share/logstash/bin/logstash --path.data=/tmp -f /etc/logstash/conf.d/test.conf

I'm getting this output: 

{
    "@timestamp" => 2017-09-06T14:56:05.960Z,
      "@version" => "1",
          "host" => "acd35c0f862f",
       "message" => "Jul 02 23:59:49 2017",
      "logstamp" => 2017-07-02T23:59:49.000Z
}

But if the input string contains other values beside the date it doesn't work anymore: 

echo 'SAT Jul 02 23:59:49 2017: Found' | /usr/share/logstash/bin/logstash --path.data=/tmp -f /etc/logstash/conf.d/test.conf

Output: 

{
    "@timestamp" => 2017-09-06T14:56:59.187Z,
      "@version" => "1",
          "host" => "acd35c0f862f",
       "message" => "SAT Jul 02 23:59:49 2017: Found",
          "tags" => [
        [0] "_dateparsefailure"
    ]
}

That looks like a bug. The lines in my log files have of course more than just the timestamp.

Any idea what I'm doing wrong?

reiz commented 7 years ago

It works like designed. Now I understand it.