Hello everybody,
i am totally new in elastic and hope you can show me an easy solution.
i want to add a new date field.
The date is already existing in the file-name, so its written in the source field already.
It looks like this C:\test1\test2\test3\20180715.txt
So the date would be 15.07.2018.
How can i extract this date and show it as a new date field ?
Thanks a lot,
Kim
Well, you could use grok to extract the date using a pattern like
"[\\]%{NUMBER:date}\."
Then use a date filter to parse it against "YYYYMMdd".
Thanks, works fine !
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.