From 5824bc7e241420ea2dd47d9ccce2e08e6a8f9118 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Tue, 11 Feb 2014 11:31:19 -0800
Subject: [PATCH] Parse timestamps in libvirt logs properly.

The libvirt logs use a slightly different timestamp than the other log
files (iso8601 including the timezone offset) which makes logstash
unhappy when it receives these timestamps. Parse them properly to keep
logstash logs under control and hopefully happy.

Change-Id: I18b7f263d083d9babbdf1404298cb7def0b8501a
---
 modules/openstack_project/templates/logstash/indexer.conf.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/openstack_project/templates/logstash/indexer.conf.erb b/modules/openstack_project/templates/logstash/indexer.conf.erb
index d0abcc0d1b..0fc5c0214b 100644
--- a/modules/openstack_project/templates/logstash/indexer.conf.erb
+++ b/modules/openstack_project/templates/logstash/indexer.conf.erb
@@ -102,7 +102,7 @@ filter {
 
   if ! ("_grokparsefailure" in [tags]) {
     date {
-      match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "dd/MMM/yyyy:HH:mm:ss Z" ]
+      match => [ "logdate", "yyyy-MM-dd HH:mm:ss.SSS", "yyyy-MM-dd HH:mm:ss,SSS", "yyyy-MM-dd HH:mm:ss", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "dd/MMM/yyyy:HH:mm:ss Z", "yyyy-MM-dd HH:mm:ss.SSSZ" ]
       timezone => "UTC"
     }
     mutate {