In Logstash, I want to convert a string into a timestamp using the date filter. The string looks as follows:
    Fri Nov 05 06:24:28.651 CET 2021
I've tried the following pattern to no avail:
    date {
        match => [ "syslog_timestamp", "EEE MMM dd HH:mm:ss.SSS ZZZ yyyy" ]
        locale => "en_US"
        timezone => "Europe/Berlin"
        target => "syslog_timestamp"
    }
This is confusing since Logstash is said to use the Joda library and Joda in turn says 'CET' is a legal timezone ID. I confirmed the results by testing the Joda library v2.10.13 directly in a Java application.
How to parse CET/CEST in the date filter?
Since time zone names (z) cannot be parsed and ZZZ still wouldn't match the daylight-saving variant 'CEST' according to Joda's documentation, I worked around this issue in Logstash by handling the timezone code as text and passing multiple patterns with the standard time zone and daylight-saving time zone to the filter:
    match => [ "syslog_timestamp", "EEE MMM dd HH:mm:ss.SSS 'CET' yyyy", "EEE MMM dd HH:mm:ss.SSS 'CEST' yyyy" ]
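
Added example, not part of the original posts and not Logstash code: a stand-alone Ruby check that maps the abbreviation to a fixed UTC offset instead of matching it as literal text, which keeps the two readings of the repeated hour at the end of daylight saving time apart when log events have to be ordered. The function name, the offset table and the sample lines are assumptions made for this illustration.

```ruby
require 'time'

# Fixed UTC offsets for the two abbreviations discussed on this page.
ZONE_OFFSETS = { 'CET' => '+01:00', 'CEST' => '+02:00' }.freeze
MONTHS = %w[Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec].freeze

# Layout of the page's sample: "Fri Nov 05 06:24:28.651 CET 2021"
TS_RE = /\A(?<dow>[A-Z][a-z]{2}) (?<mon>[A-Z][a-z]{2}) (?<day>\d{2}) (?<h>\d{2}):(?<mi>\d{2}):(?<s>\d{2})\.(?<ms>\d{3}) (?<zone>[A-Z]{3,4}) (?<year>\d{4})\z/

# Hypothetical helper: returns a UTC Time, or nil when the string does not
# match the layout, names an unknown zone, or carries a weekday or day of
# month that disagrees with the calendar (a sign of a corrupted line).
def parse_log_timestamp(str)
  m = TS_RE.match(str)
  return nil unless m
  offset = ZONE_OFFSETS[m[:zone]]
  month = MONTHS.index(m[:mon])
  return nil unless offset && month
  # Rational keeps the milliseconds exact (no float rounding).
  sec = m[:s].to_i + Rational(m[:ms].to_i, 1000)
  t = Time.new(m[:year].to_i, month + 1, m[:day].to_i,
               m[:h].to_i, m[:mi].to_i, sec, offset)
  return nil unless t.day == m[:day].to_i && t.strftime('%a') == m[:dow]
  t.utc
rescue ArgumentError
  nil
end

# Constructed sample lines: the page's own string plus the repeated hour
# on 31 Oct 2021, when clocks in Central Europe went back from CEST to CET.
SAMPLES = [
  'Fri Nov 05 06:24:28.651 CET 2021',
  'Sun Oct 31 02:30:00.000 CEST 2021',
  'Sun Oct 31 02:30:00.000 CET 2021'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |line|
    t = parse_log_timestamp(line)
    puts "#{line} -> #{t ? t.iso8601(3) : 'unparseable'}"
  end
end
```

The two 02:30 lines differ only in the abbreviation yet are one hour apart in UTC; a pattern that matches the abbreviation as a quoted literal takes no offset from it.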