Convert String to Date field

rubhamra · March 28, 2023, 8:36pm

I tried converting one of the string field to Date field , I can see in the logs that it could changed to date field because it's without quotes . but it's still showing the field is keyword.

Logstash Config

# "Submit Date" => "2022-04-11T17:10:55.000+0000",
 grok {
        match => [ "[response][body][entries][values][Submit Date]", "^(?<[custom.date]>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?)" ]
    }

    date {
    match => ["custom.date", "yyyy-MM-dd'T'HH:mm:ss.SSS"]
    target => "[response][body][entries][values][Submit Date]"
  }

OUPTPUT

   "SLA Res Result Duration" => nil,
                                          "Time Spent (min)" => 0,
                                "Change Request Prev Status" => "Draft",
                                               "Submit Date" => 2023-01-17T16:37:43.000Z,
                                              "TemplateGUID" => nil,
                                                "PortNumber" => nil,
                                       "Requester Contacted" => nil,

Please suggest what I am doing wrong.

Thanks

rubhamra · March 29, 2023, 1:00pm

Any one please help, Elasticsearch version 8.6, using DataStream to index documents.

Rios · March 29, 2023, 2:11pm

Your data pattern accept string and the pattern should be recreated when you are sure that conversion is correct, for instance use ruby debug.

"Submit Date" => 2023-01-17T16:37:43.000Z is date field
"Submit Date" => "2023-01-17T16:37:43.000Z" is string field

Try to create a new temporary index, there should be the date field by default because ES recognize data type.

system · April 26, 2023, 2:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.