I've just upgraded from 5.2 to 5.6 in my test environment.
After the upgrade my logstash filter for date stopped working.
I'm getting a date of "Sep 26 11:01:41" and matching on
"match => [ "syslog_timestamp", "MMM dd HH:mm:ss" ]"
it throws
JSON parse error, original data now in message field {:error=>#<LogStash::Json::ParserError: Unrecognized token 'Sep': was expecting ('true', 'false' or 'null')
You have one too many spaces in your pattern "MMM dd HH:mm:ss" should be "MMM dd HH:mm:ss"
"match => [ "syslog_timestamp", "MMM dd HH:mm:ss" ]"
^
|
here