Adding A New Field in Elasticsearch Ingest Pipeline

Hi
I am working on a migration activity where we are moving from an OSS version of Elastic Stack to the Platinum version. We were using Logstash in the OSS cluster to parse the logs, but in the Platinum cluster we are going to use an Ingest Pipeline. I have a scenario where we need to create a new string field by concatenating two string fields and then convert the concatenated string field to a date field.

In Logstash we could achieve the expected result with the block below:

    mutate {
        add_field => { "timestamp" => "%{date_error} %{time}" }
    }

    date {
        match => ["timestamp", "YYYY-MM-dd HH:mm:ss.SSS"]
    }

However, in the ingest pipeline, if I create the new field, i.e. timestamp, by using the Append filter, I am not able to convert it into a date field using the date filter.

The data format after concatenation in the "timestamp" field looks like this:

    20200609 14:53:25.390

Please let me know how this can be achieved in an Ingest Pipeline.
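
An added example, not part of the original post: a request body for `POST _ingest/pipeline/_simulate` that mirrors the Logstash block using the `set` and `date` processors. The `append` processor produces an array value, which the `date` processor cannot parse, whereas `set` with a template yields a single string. The field names `date_error` and `time` come from the post; the sample document, the second date format, and the `error.message` field are assumptions.

```json
{
  "pipeline": {
    "description": "Added example: build timestamp from date_error and time, then parse it as a date",
    "processors": [
      {
        "set": {
          "field": "timestamp",
          "value": "{{date_error}} {{time}}"
        }
      },
      {
        "date": {
          "field": "timestamp",
          "formats": [
            "yyyyMMdd HH:mm:ss.SSS",
            "yyyy-MM-dd HH:mm:ss.SSS"
          ],
          "target_field": "@timestamp",
          "on_failure": [
            {
              "set": {
                "field": "error.message",
                "value": "{{ _ingest.on_failure_message }}"
              }
            }
          ]
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "date_error": "20200609",
        "time": "14:53:25.390"
      }
    }
  ]
}
```

The first format matches the sample value shown in the post and the second matches the hyphenated pattern from the Logstash `date` filter. A document that matches neither keeps its `timestamp` string and gains `error.message`, so parse failures stay visible in the index instead of being dropped.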
