Combining a dat field and a time field into a single timestamp

Hyperion0 · November 21, 2019, 1:18pm

I have a text log with date and time listed as 2 separate fields and I want to combine them into a single date-time to use as my timestamp in Kibana.

The entry looks like this:
10/03/19 18:04:40

My conf looks something like thins:
...
grok {
match => { "%{DATA:loggedDate} %{DATA:loggedTime}" }
}
mutate {
add_field => { "%{eventLongTime}" => "%{loggedDate} %{loggedTime}" }
}
date {
match => [ "%{eventLongTime}", "MM/dd/yyyy HH:mm:ss" ]
}

Currently this produces the correct information in eventLongTime when I look at the stdout it says
%{eventLongTime} => 10/03/19 18:04:40. but the date match is still all wrong. If anyone has any ideas or advice I'd appreciate it.

abdon · November 21, 2019, 1:37pm

Your date has a two-digit year, "19". You should use yy instead of yyyy in the date format of the date filter. The following should work:

MM/dd/yy HH:mm:ss

Hyperion0 · November 21, 2019, 1:54pm

Thanks abdon!
That seemed to do the trick.

system · December 19, 2019, 1:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.