my date which is in below format
"_messagetime" => "08/08/2022 22:18:17.254 +0530"
I am using date filter in my logstash
date {
match => ["_messagetime", "YYYY-MM-dd HH:mm:ss.SSS"]
}
but I am getting
"_dateparsefailure"
Can anyone plz suggest what might be wrong with my approach
The date filter must match the entire value of the field. It cannot just parse a prefix. Also, your date filter has YYYY-MM-dd, but your field has dd/MM/YYYY.
You can parse that field using
date { match => ["_messagetime", "dd/MM/YYYY HH:mm:ss.SSS Z"] }
to get "@timestamp" => 2022-08-08T16:48:17.254Z. Note the trailing Z in the value of [@timestamp] -- all timestamps in logstash are stored in Zulu / UTC timezone.