The input file has so many date stamps; I want to aggregate on month or year. When I create the index and start to define it, I only get the @timestamp option, which is the date the CSV file was imported. I want to be able to aggregate on lastmodificationtime...
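```
# The start of the pipeline is cut off in the post; this brace closes the preceding block.
}
# The opening lines of the filter section are missing from the post. The
# "filter {" and "csv {" wrappers are assumed from the separator/columns options.
filter {
  csv {
    separator => ","
    columns => ["publicfoldername","subject","creationtime","lastmodificationtime","hasattachments","itemtype","messagesize","servername","databasename","originatingserver"]
  }
  date {
    # Parse the CSV string as a date
    match => ["lastmodificationtime", "dd-MM-yyyy HH:mm:ss"]
    # Write the parsed date back to the same field instead of the default @timestamp
    target => "lastmodificationtime"
  }
}
```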