date filter adding tag even if match fails and @timestamp not updated
Description
Logstash is adding the dated tag so, according to the docs, the date filter succeeded. Yet, @timestamp is still ms-resolution and clearly has not been updated from timestamp when we see logstash catch up on old log items.
Config in client:
Example record sent to output:
Activity
Show:
Jason Kendall
April 17, 2014, 6:25 PM
PR Merged, Closing
Philippe Weber
April 10, 2014, 5:05 AM
Submitted PR: https://github.com/elasticsearch/logstash/pull/1244
James Turnbull
April 9, 2014, 12:56 AM
Thanks Garth - I'll update the book example too.
Garth Kidd
April 9, 2014, 12:28 AM
Confirmed. Thanks!
Philippe Weber
April 8, 2014, 4:47 AM
You current date pattern cannot match your date, you need to add another option like (pay attention to the double space before the single d)
Please confirm it fixes your timestamp parsing issue.
The remaining fact that the event is tagged even when the parsing fails seems wrong, I will have a deeper look in the code and tests.