I have following timestamp with different timezones in the log messages.
Aug 11 03:31:12.942 UTC
Aug 11 04:31:12.819 GMT
Aug 10 22:31:51.207 CST
Aug 10 04:31:38.897 PAC
Aug 10 22:31:13.210 CDT
Aug 11 03:31:13.048 PST
Aug 10 23:31:12.940 EST
Aug 10 23:31:12.753 EDT
Can someone help me ,how to convert them to datetime format (yyyy-MM-dd HH:mm:ss)?
Thanks in advance,
Pavani
You can parse those using a date filter.
date { match => [ "someField", "MMM dd HH:mm:ss.SSS ZZZ" ] }
You will need to modify the timezones to unambiguous values before calling the date filter, which you can do using mutate+gsub. For example,
mutate { gsub => [ "someField", "CDT", "CST6CDT", "somefield", "EST", "EST5EDT" ] }
(or "Cuba/Havana" if CDT refers to Cuba daylight time).
Also, if your dates do not have a year in them then logstash will guess, and sometimes it will guess wrong. See issues 137, 100, and the long discussion of 51.
Thanks @Badger,
But, I have total eight different timezones
Aug 11 03:31:12.942 UTC
Aug 11 04:31:12.819 GMT
Aug 10 22:31:51.207 CST
Aug 10 04:31:38.897 PAC
Aug 10 22:31:13.210 CDT
Aug 11 03:31:13.048 PST
Aug 10 23:31:12.940 EST
Aug 10 23:31:12.753 EDT
for PST,CST,PAC timezones what is the unambigous values , because the three timezones gives "_dateparsefailure" tag, Please help me!
Given that they are ambiguous I cannot say how you should replace them, but the list of unambiguous timezones is here.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.