I have folowed the recommanded step .
date {
match => [ "ING_SIGNAL_START_TIME", "YYYY-MM-dd'+'HH:mm:ss.SSS" ]
target => [ "newdate_1" ]
remove_field => [ "ING_SIGNAL_START_TIME" ]
}
date {
match => [ "ING_ADDRESS_COMPLETE_TIME", "YYYY-MM-dd'+'HH:mm:ss.SSS" ]
target => [ "newdate_2" ]
remove_field => [ "ING_ADDRESS_COMPLETE_TIME" ]
All the columns which marked as removed_field=> .... Did NOT removed , and actually all the date fields are still appear as Strings.
In the stdout i dont see the "newdate_xx" fields
Example
....
"CALLED_NUMBER" => 4478,
"EGR_CALL_RELEASE_TIME" => "04/18/2019 05:58:38",
"ING_CALL_ANSWER_TIME" => "04/18/2019 05:58:36",
"ING_RELEASE_COMPLETE_TIME" => "04/18/2019 05:58:38",
....
"@version" => "1",
}
{
"tags" => [
[0] "_dateparsefailure"
],
Any advise ... ?
Thanks