Convert text field to date in ingest pipeline

KentLee · May 4, 2023, 7:55pm

Hi,
I am creating a ingest pipeline to ingest application log to elastic and I have the log line format as follow:
[2023-05-03 16:12:19,420] - [Application Name] - [INFO] - Log details goes here

Based on this format I created an ingest pipeline with grok processor:
\[%{TIMESTAMP_ISO8601:log.timestamp}\] - \[%{DATA:log.appName}\] - \[%{DATA:log.level}\] %{GREEDYDATA:log.message}.

It's working fine. However, I wanted to convert the field log.timestamp (which is a text field) to date, and the date processor shows "error"

Priscilla_Parodi · May 4, 2023, 11:16pm

Hello KentLee,

Probably because the text field containing log dates 2023-05-03 16:12:19,420 does not match the date format ["yyyy-MM-dd HH:mm:ss.SSS"]

Try to use this yyyy-MM-dd HH:mm:ss,SSS in the Formats.

Hope it helps.

KentLee · May 5, 2023, 12:59pm

Thank you, it works.

system · June 5, 2023, 6:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.