Add a new date field from existing String

kimkong · January 17, 2019, 3:31pm

Hello everybody,

i am totally new in elastic and hope you can show me an easy solution.
i want to add a new date field.
The date is already existing in the file-name, so its written in the source field already.
It looks like this C:\test1\test2\test3\20180715.txt

So the date would be 15.07.2018.

How can i extract this date and show it as a new date field ?

Thanks a lot,
Kim

Badger · January 17, 2019, 3:58pm

Well, you could use grok to extract the date using a pattern like

"[\\]%{NUMBER:date}\."

Then use a date filter to parse it against "YYYYMMdd".

kimkong · January 18, 2019, 10:59am

Thanks, works fine !

system · February 15, 2019, 10:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to add a date field? Logstash	1	1326	July 6, 2017
I want to add a date column to my logstash with a date i choose not a timestamp hellpp Logstash	4	301	March 24, 2020
How to create a new field by extracting data from already generated field? Logstash	5	462	November 7, 2018
How to convert a timestamp field to add a new field like "YYYY-MM-dd" Logstash	2	640	July 6, 2017
Why i can't add a date field Logstash	11	1044	May 14, 2018

Add a new date field from existing String

Related topics