diff --git a/filters/indexer.conf b/filters/indexer.conf
index d18cef3..42e84ad 100644
--- a/filters/indexer.conf
+++ b/filters/indexer.conf
@@ -39,7 +39,12 @@ filter {
       negate => false
       # NOTE(mriedem): oslo.log 1.2.0 changed the logging_exception_prefix
       # config option from using TRACE to ERROR so we have to handle both.
-      pattern => "^%{TIMESTAMP_ISO8601}%{SPACE}%{NUMBER}?%{SPACE}?(TRACE|ERROR)"
+      #
+      # NOTE(sdague): stack traces always include process id, so
+      # NUMBER being required element here is important, otherwise
+      # ERROR messages just fold into the previous messages, which are
+      # typically INFO.
+      pattern => "^%{TIMESTAMP_ISO8601}%{SPACE}%{NUMBER}%{SPACE}(TRACE|ERROR)"
       what => "previous"
       stream_identity => "%{host}.%{filename}"
     }
@@ -88,6 +93,7 @@ filter {
     date {
       match => [ "logdate",
                  "yyyy-MM-dd HH:mm:ss.SSS",
+                 "yyyy-MM-dd HH:mm:ss.SSSSSS",
                  "yyyy-MM-dd HH:mm:ss,SSS",
                  "yyyy-MM-dd HH:mm:ss",
                  "MMM  d HH:mm:ss",
@@ -95,7 +101,8 @@ filter {
                  "dd/MMM/yyyy:HH:mm:ss Z",
                  "yyyy-MM-dd HH:mm:ss.SSSZ",
                  "E MMM dd HH:mm:ss yyyy Z",
-                 "E MMM dd HH:mm:ss yyyy"
+                 "E MMM dd HH:mm:ss yyyy",
+                 "ISO8601"
                ]
       timezone => "UTC"
     }