Can date ingest processor process a String to extract a Date from it

Augustus1995 · December 13, 2017, 7:00am

Hi guys
I find a question about Can date ingest processor process a String to extract a Date from it.

And i follow the guide and use Date Processor, but my log message is complex

2017-12-13 11:10:30.000 [pool-10-thread-7] DEBUG c.h.i.c.m.servicemanager.task.PassiveNodeHbTask - PassiveNodeHbTask started

And in order to use Date Processor i have to use Grok Processor to extract date as a new field such as

PUT _ingest/pipeline/java-pipeline
{
  "description" : "describe pipeline",
  "processors" : [
    {
      "grok": {
        "field": "message",
        "patterns": ["%{TIMESTAMP_ISO8601:logatime}"]
      },
      "date" : {
        "field" : "logatime",
        "target_field": "@timestamp", 
        "formats" : ["yyyy-MM-dd HH:mm:ss.SSS"], 
        "timezone": "Asia/Shanghai"
      },
      "remove": {
        "field": "logatime"
      }
    }
  ]
}

But in this way , i will add an useless field ------ logatime

I don't want to add this field if possibile

So can date ingest processor process a complex String to extract a Date from it.

dadoonet · December 13, 2017, 7:39am

logatime is removed by the remove processor. So I don't understand what you mean.

But I doubt your grok pattern is correct. I don't think that %{TIMESTAMP_ISO8601:logatime} matches 2017-12-13 11:10:30.000 [pool-10-thread-7] DEBUG ....

Augustus1995 · December 13, 2017, 8:10am

In fact i use logatime as a middle field to help me extract date from the complex String, therefore i add logatime at beginning and remove logatime finally.

And it extract date as @timestamp from a complex string.

But i wonder is there have a simpler way to extract date directly without middle field. Such as i could use
regular expression in date processor

Augustus1995 · December 13, 2017, 8:18am

And my grok pattern is incomplete because i only want to extract date. It still work and i will write it later.

dadoonet · December 13, 2017, 10:11am

But i wonder is there have a simpler way to extract date directly without middle field.

No but what is your concern of adding and removing a field?

Augustus1995 · December 13, 2017, 11:23am

Thanks a lot!!!
i worried it maybe a little slow.
but if there is no other solution, i will still use a middle field
Thank you!!

Topic		Replies	Views
Convert text field to date in ingest pipeline Elasticsearch ingest-pipeline	3	1173	June 5, 2023
Date parser using ingest node Beats filebeat	1	343	February 6, 2020
How to setup pipline to extract file using grok in Elastic if the timestamp format is "20Aug21 20:36:07.058931 @fsafsasfdasdsadasd" Elasticsearch ingest-pipeline	9	466	March 27, 2022
Date transform Elasticsearch	11	2119	June 12, 2017
Parsing multiple date types from message field with ingest node Elasticsearch	3	1656	October 24, 2018

Can date ingest processor process a String to extract a Date from it

Related topics