Convert String to date and replace @timestamp

ginu · December 11, 2019, 11:07am

Hi all
I have a custom field
msg.message.timestamp which have the date in the format yyyy-MM-ddThh:mm:ss.nnnZ format
eg. 2019-12-11T10:17:54.961Z

I would like to use this as @timestamp. I tied a couple of things without success:
Try 1:

if ([msg][message][timestamp]){
        ruby {
            id => update_timetaken_with_msg_message_timestamp
            code => "b=event.get('[msg][message][timestamp]'); event.set('@timestamp', DateTime.parse(b);"
        }
}

Try 2:

mutate {
    convert => { "[msg][message][timestamp]" => "string" }
}
date {
    match => ["[msg][message][timestamp]", "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'"]
    timezone => "UCT"
    target => "@timestamp"
}

But unfortunately, both are not working

Regards, Ginu

Jenni · December 11, 2019, 1:16pm

Does this work?

date {
    match => ["[msg][message][timestamp]", "ISO8601"]
}

ginu · December 11, 2019, 1:27pm

Thanks a lot Jenni... that worked.

date {
match => ["[msg][message][timestamp]", "ISO8601"]
target => "@timestamp"
}

system · January 8, 2020, 1:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Conver String to date (or replace @timestamp) (SOLVED) Logstash	13	19996	July 6, 2017
How can I convert @timestamp from logstash to encoded format as YYYY-MM-DDThh:mm:ss.sss+/-hh:mm Logstash	12	545	November 25, 2022
Mutate or reformat Winlogbeat timestamp Logstash	3	710	July 10, 2017
Unable to replace @timestamp with some other field in logstash Logstash	6	2309	September 19, 2017
Unable to convert date from string/ change @timestamp value Logstash	15	1222	February 25, 2020

Convert String to date and replace @timestamp

Related Topics