Add more logstash timestamp formats

Logstash is failing to index some events because it can't parse the timestamp. {:timestamp=>"2015-11-24T06:45:06.308000+0000", :message=>"Failed parsing date from field", :field=>"logdate", :value=>"2015-11-24 06:41:40.274488", :exception=>java.lang.IllegalArgumentException: Invalid format: "2015-11-24 06:41:40.274488", :level=>:warn} Add another string match for these more precise timestamps, and also add ISO8601 as a fallback pattern. Change-Id: Ic821bbc353be2883099ac84a2f33e363864dcd94
2015-11-30 11:46:56 -08:00 · 2015-11-30 11:46:56 -08:00 · 0d576e8191
parent df520b64cd
commit 0d576e8191
1 changed files with 3 additions and 1 deletions
--- a/modules/openstack_project/templates/logstash/indexer.conf.erb
+++ b/modules/openstack_project/templates/logstash/indexer.conf.erb
@ -93,6 +93,7 @@ filter {
    date {
      match => [ "logdate",
                 "yyyy-MM-dd HH:mm:ss.SSS",
+                 "yyyy-MM-dd HH:mm:ss.SSSSSS",
                 "yyyy-MM-dd HH:mm:ss,SSS",
                 "yyyy-MM-dd HH:mm:ss",
                 "MMM  d HH:mm:ss",
@ -100,7 +101,8 @@ filter {
                 "dd/MMM/yyyy:HH:mm:ss Z",
                 "yyyy-MM-dd HH:mm:ss.SSSZ",
                 "E MMM dd HH:mm:ss yyyy Z",
-                 "E MMM dd HH:mm:ss yyyy"
+                 "E MMM dd HH:mm:ss yyyy",
+                 "ISO8601"
               ]
      timezone => "UTC"
    }