Convert text field to date in ingest pipeline

KentLee · May 4, 2023, 7:55pm

Hi,
I am creating a ingest pipeline to ingest application log to elastic and I have the log line format as follow:
[2023-05-03 16:12:19,420] - [Application Name] - [INFO] - Log details goes here

Based on this format I created an ingest pipeline with grok processor:
\[%{TIMESTAMP_ISO8601:log.timestamp}\] - \[%{DATA:log.appName}\] - \[%{DATA:log.level}\] %{GREEDYDATA:log.message}.

It's working fine. However, I wanted to convert the field log.timestamp (which is a text field) to date, and the date processor shows "error"

Priscilla_Parodi · May 4, 2023, 11:16pm

Hello KentLee,

Probably because the text field containing log dates 2023-05-03 16:12:19,420 does not match the date format ["yyyy-MM-dd HH:mm:ss.SSS"]

Try to use this yyyy-MM-dd HH:mm:ss,SSS in the Formats.

Hope it helps.

KentLee · May 5, 2023, 12:59pm

Thank you, it works.

system · June 5, 2023, 6:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Converting Date-String into Date with Ingest-pipeline not working Elasticsearch ingest-pipeline	2	1139	July 30, 2021
DateFormat in ingest pipeline Kibana	2	1568	February 24, 2022
Kibana Ingest pipeline Convert String to Date? Kibana ingest-pipeline	6	824	October 6, 2022
From text da date ingestion pipeline Kibana ingest-pipeline	4	298	June 18, 2021
Date processor - Pipeline Elasticsearch ingest-pipeline	4	1157	March 19, 2022

Convert text field to date in ingest pipeline

Related Topics