Logstash apache illegal_argument_exception Invalid format

Question

I'm getting the illegal_argument_exception error when logstash handles my apache events. Here is the error:

{"type"=>"illegal_argument_exception", "reason"=>"Invalid format: \"15/Feb/2016:14:56:59 -0500\" is malformed at \"/Feb/2016:14:56:59 -0500\""}}}}, :level=>:warn}

Here is my apache filter:

filter {
  if [fields][type] == "apache" {
    grok {
      patterns_dir => ["/etc/logstash/custom_patterns.txt"]
      match => ["message", "%{COMMONAPACHELOG}" ]
    }
    date {
      locale => "en"
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}

A Sample date formate from my apache log is 15/Feb/2016:14:53:54 -0500

score 0 · Answer 1 · answered Mar 15 '16 at 17:52

I'm using

 match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]

and it works fine, you can try to check the JODA page. Also check your locale , you may need to use locale => "en" or similar to change your locale to really match your format

But i suspect the problem is not in the timestamp, you cut out a important part... in the error, you have the "reason"=>"failed to parse [fieldname]" where the fieldname is the one that is giving the problem... and it might not be the timestamp

Logstash apache illegal_argument_exception Invalid format

1 Answers1