Convert String to date and compare it

alex_vermex · August 4, 2022, 10:10am

Hi,
I have two fields and I want to compare it

field1: 20220720091723
field2: 07/20/22 09:17
I want to compare it so i don't know if i should convert to date then compare and how or can someone please tell me what i should do

Thanks!

alex_vermex · August 4, 2022, 11:49am

i tryed this in logstash :

date {
        match => [ "field1", "yyyyMMddHHmmss" ]
      }

but still doesn't work it stays String... and if I convert these two fields so I can compare it, right?

alex_vermex · August 4, 2022, 2:30pm

I think i found the solution but there is somthing wrong

date {
        match => [ "field1", "yyyyMMddHHmmss" ]
        target => "field1"
      }
date {
        match => [ "field2", "dd/MM/yy HH:mm" ]
        target => "field2"
      }

output:

field1: 2022-07-20T09:24:07.000Z
field2: 2022-07-20T05:06:00.000Z
Can I specify the output format? for example I just want to keep yyyy-MM-DD HH:mm because the first field contains the ss and field2 just mm

Any help would be sincerely appreciate!
Thanks!

Badger · August 4, 2022, 4:00pm

Maybe. See this thread.

alex_vermex · August 4, 2022, 8:16pm

Thanks for the reply
there is a little thing that i don't understand here the original field 20220720185907 after matching and target ... it looks like this now field1: 2022-07-20T17:59:07.000Z it was changed for one hour honestly i don't know why.
after ruby filter and thanks for this it gives me someField000: 2022-07-20 18:07
ruby filter :

ruby {
        code => '
            t = Time.at(event.get("Date Transmission").to_f)
            event.set("someField", t.strftime("%Y-%m-%d"))
            event.set("someField000", t.strftime("%Y-%m-%d %H:%m"))
        '
    }

But I specified the minute not the second. did i do something wrong ?
Thanks!

Badger · August 4, 2022, 8:51pm

When you parse a string with a date filter the result is always in UTC (note the Z at the end of [field1]. Is the timezone of the machine running logstash one hour ahead of UTC, as much of Europe is?

alex_vermex · August 5, 2022, 7:21am

Yes ok thanks, just about the ruby filter event.set("someField000", t.strftime("%Y-%m-%d %H:%m")) I specified the minute not the second and it gives me someField000: 2022-07-20 18:07 there is somthing wrong right ?

Badger · August 5, 2022, 2:34pm

Looks OK to me. Why do you think it is wrong?

alex_vermex · August 7, 2022, 8:49am

I mean it should give me someField000:2022-07-20 18:59 not someField000:2022-07-20 18:07 i specified %H:%m not %H: %s no?

Badger · August 7, 2022, 4:41pm

%H:%m is hour and month, not hour and minute. Try %H:%M.

system · September 4, 2022, 4:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
String to date time Logstash	10	843	July 6, 2017
How to convert field date from String to Date? Logstash	13	9039	April 20, 2020
Convert String to Date field Logstash	3	371	April 26, 2023
Convert text field to date Logstash	3	287	January 4, 2023
Conver String to date (or replace @timestamp) (SOLVED) Logstash	13	20005	July 6, 2017

Convert String to date and compare it

Related topics