Can date ingest processor process a String to extract a Date from it

Augustus1995 · December 13, 2017, 7:00am

Hi guys
I find a question about Can date ingest processor process a String to extract a Date from it.

And i follow the guide and use Date Processor, but my log message is complex

2017-12-13 11:10:30.000 [pool-10-thread-7] DEBUG c.h.i.c.m.servicemanager.task.PassiveNodeHbTask - PassiveNodeHbTask started

And in order to use Date Processor i have to use Grok Processor to extract date as a new field such as

PUT _ingest/pipeline/java-pipeline
{
  "description" : "describe pipeline",
  "processors" : [
    {
      "grok": {
        "field": "message",
        "patterns": ["%{TIMESTAMP_ISO8601:logatime}"]
      },
      "date" : {
        "field" : "logatime",
        "target_field": "@timestamp", 
        "formats" : ["yyyy-MM-dd HH:mm:ss.SSS"], 
        "timezone": "Asia/Shanghai"
      },
      "remove": {
        "field": "logatime"
      }
    }
  ]
}

But in this way , i will add an useless field ------ logatime

I don't want to add this field if possibile

So can date ingest processor process a complex String to extract a Date from it.

dadoonet · December 13, 2017, 7:39am

logatime is removed by the remove processor. So I don't understand what you mean.

But I doubt your grok pattern is correct. I don't think that %{TIMESTAMP_ISO8601:logatime} matches 2017-12-13 11:10:30.000 [pool-10-thread-7] DEBUG ....

Augustus1995 · December 13, 2017, 8:10am

In fact i use logatime as a middle field to help me extract date from the complex String, therefore i add logatime at beginning and remove logatime finally.

And it extract date as @timestamp from a complex string.

But i wonder is there have a simpler way to extract date directly without middle field. Such as i could use
regular expression in date processor

Augustus1995 · December 13, 2017, 8:18am

And my grok pattern is incomplete because i only want to extract date. It still work and i will write it later.

dadoonet · December 13, 2017, 10:11am

But i wonder is there have a simpler way to extract date directly without middle field.

No but what is your concern of adding and removing a field?

Augustus1995 · December 13, 2017, 11:23am

Thanks a lot!!!
i worried it maybe a little slow.
but if there is no other solution, i will still use a middle field
Thank you!!

system · January 10, 2018, 11:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Convert text field to date in ingest pipeline Elasticsearch ingest-pipeline	3	838	June 5, 2023
Ingest date with 12 hour format Elasticsearch	5	2017	August 8, 2019
Date processor error Elasticsearch ingest-pipeline	4	440	August 17, 2021
Extract @datetime field from a string in an index pattern and make it filterable using datetime Elasticsearch ingest-pipeline	6	396	February 20, 2023
Parsing multiple date types from message field with ingest node Elasticsearch	3	1612	October 24, 2018

Can date ingest processor process a String to extract a Date from it

Related topics