Hello,
I am not blocked on a problem of conversion of string in date timestamp.
Indeed, I have a filebeat that reads a json file already made and sends it to logstaash. and at the logstash level, I wanted to convert the timestamp field to date so that it takes into account the date of the log and not the indexing date of the data in the database.
here is the output of logstash :
"full_log" => "Aug 1 02:02:15 xxxx sshd[12571]: Failed password for root from 1.1.1.1 port 3 ssh2",
"predecoder" => {
"timestamp" => "Aug 1 02:02:15",
"program_name" => "sshd",
"hostname" => "xxxxx"
},
"offset" => 3,
"@timestamp" => 2018-08-19T08:24:26.705Z
}
The changes I made at the logstash level did not do anything
date{
match => ["timeestamp", "YYYY-MM-dd HH:mm:ss", "YYYY/MM/dd HH:mm:ss +0200"]
target => "@timestamp_new"
timezone => "UTC"
}
What should I change to solve my problem? Thank you