Hi,
I would like to convert the timestamp from some syslog-type messages into a time-formatted field. It's currently in this format: 19/07/11 01:15:26. I can't seem to find the right syntax to covert this into a format that is read as time instead of string.
Also, if at all possible, I would like to override the ES document timestamp with this timestamp.
date { match => [ "date", "YY/MM/dd HH:mm:ss" ] }Thanks for the suggestion, it seemed to work when I was pulling in messages from files, but now that I'm pulling in the whole file (per my other post), I want to use the LastModified field from the S3 metadata. It's value is follows 2019-07-17T15:50:24.000Z. Suggestion on how to match that one? 
Given that the s3 input does date comparisons on the LastModified metadata field in the sincedb code I do not think you have to parse it, I think it is already a Logstash::TimeStamp, so it should be a date in elasticsearch and show up with a clock next to it in the Kibana field list.
Interesting. I don't see that field, but I'll keep playing with this. Thanks again.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.