Logstash is adding the dated tag so, according to the docs, the date filter succeeded. Yet, @timestamp is still ms-resolution and clearly has not been updated from timestamp when we see logstash catch up on old log items.
Config in client:
Example record sent to output:
You current date pattern cannot match your date, you need to add another option like (pay attention to the double space before the single d)
Please confirm it fixes your timestamp parsing issue.
The remaining fact that the event is tagged even when the parsing fails seems wrong, I will have a deeper look in the code and tests.
Confirmed. Thanks!
Thanks Garth - I'll update the book example too.
Submitted PR: https://github.com/elasticsearch/logstash/pull/1244
PR Merged, Closing