Hey all,
I'm looking to add a new date field to sort by within Kibana. Currently, messages are sorted based on the default @timestamp, but I would like to be able to sort on an additional field. The date I am passing in is currently matched to the SYSLOGTIMESTAMP grok filter into a field. That field is currently represented as a string. Does it have to be specially formatted to be converted to a date field from within Kibana?
Thanks!
Upon further research, it looks like I can use the date filter:
Converting string to date
So, I would like additional support if possible. My date would currently be formatted as MMM dd HH:mm:ss, will this field now be converted without replacing the @timestamp field if I do the following?
date { match => ["field_name", "MMM dd HH:mm:ss"] }
Of course assuming the grok{} filter correctly parses the messages into their respective fields, would this work?
If you use the date filter with default configs it will replace the @timestamp field. You can change the target field however, https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html#plugins-filters-date-target.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.