Hello everyone,
Having two cords:
date = 201808612
hour = 1234
is there a way to replace it with the @timestamp with the logstash date module.
Thanks
Are you saying that you want to have the date and hour be used as @timestamp?
Also, is the hour field the time of day?
I am in the situation where I have a field named date (string) and time (string) and I wanted to replace it with the @timpstamp
Well I think you have two options here.
- You could modify the groks so that the date and time fields are parsed out as a single string. Then you would use the date plugin which replaces it as the @timestamp.
- You could use the mutate to add a field which combines the two fields into a single field called datetime. Then you would use the newly created field and the date plugin to replace it as the @timestamp.
Here are some useful links:
https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html
https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.