Hi! These are the sample logs which I am trying to store in an Elasticsearch index.
Mar 26 08:48:21 ip-192-168-0-94 sshd[18576]: Received disconnect from 115.238.245.2: 11: [preauth]
I want to convert this date pattern to something like "2017-01-12T07:56:41+0000". This is the filter I am using to parse the date.
date {
  # parse the syslog "date" field (no year, one- or two-digit day) into @timestamp
  match => [ "date", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
I can see that in my Elasticsearch index the @timestamp field is stored like this: "2018-03-18T19:50:42.000Z". How do I convert this @timestamp format to "2017-01-12T07:56:41+0000"? I've tried using the mutate filter, but it didn't work.
Yes, I want to change @timestamp to a different format because the times stored in my other indexes are in the "2017-01-12T07:56:41+0000" format, and for mapping purposes I want to store the same timestamp format across all of my indexes.
I have also thought about updating the 'date' field with the new format but couldn't find a way of doing so.
I have one doubt: when I used this mutate filter to convert the timestamp format on my local Windows machine it worked properly and gave me the time in the +0000 format, but when I tried the same filter on my actual server, which is an Ubuntu machine, the datetime in Kibana is still shown in the 2018-03-28T22:12:37.472Z format. What could be the possible reason? Please help!
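The two steps in the question above (parsing the syslog "MMM d HH:mm:ss" date, then producing the "2017-01-12T07:56:41+0000" string) written out in plain Ruby, as an added example that is not part of the original post or of Logstash itself. It assumes what the date filter also has to assume: the syslog header carries no year and no zone, so the year is taken from a supplied "now" (with a rollover guard, so a Dec 31 line read on Jan 1 is not dated a year ahead) and the time is treated as UTC. The regex, the constant and function names, and the sample line are all constructed for this example. It also shows that "2018-03-18T19:50:42.000Z" and "2018-03-18T19:50:42+0000" are the same instant rendered two ways, which is why a mutate filter on @timestamp has nothing to change; the string form only appears when you write it into a separate field yourself.

```ruby
require 'date'
require 'time'

# Constructed sample line, same shape as the sshd line in the question.
SAMPLE_LINE = "Mar 26 08:48:21 ip-192-168-0-94 sshd[18576]: " \
              "Received disconnect from 115.238.245.2: 11: [preauth]"

# Classic BSD syslog header: "MMM d HH:mm:ss host program[pid]: message".
# The day may be space-padded ("Mar  6"), so allow one or two spaces.
SYSLOG_RE = /\A(?<date>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?<host>\S+) (?<program>[^\s\[:]+)(?:\[(?<pid>\d+)\])?: (?<message>.*)\z/

# strftime pattern for the form used in the other indexes: 2017-01-12T07:56:41+0000
TARGET_FORMAT = "%Y-%m-%dT%H:%M:%S%z"

# Parse a syslog timestamp. Syslog carries no year and no zone, so both are
# assumptions made here: the year comes from `now` (UTC), and a result that
# would land more than a day in the future is pushed back one year.
def parse_syslog_time(text, now: Time.now.utc)
  f = Date._strptime(text, "%b %d %H:%M:%S")
  raise ArgumentError, "unparseable syslog timestamp: #{text.inspect}" if f.nil?
  t = Time.utc(now.year, f[:mon], f[:mday], f[:hour], f[:min], f[:sec])
  t = Time.utc(now.year - 1, f[:mon], f[:mday], f[:hour], f[:min], f[:sec]) if t > now + 86_400
  t
end

# Render a Time in the "+0000" form.
def to_iso_with_offset(time)
  time.utc.strftime(TARGET_FORMAT)
end

# Take the form Logstash writes to @timestamp ("2018-03-18T19:50:42.000Z")
# and render the same instant in the "+0000" form. Only the text changes.
def reformat_timestamp(iso_string)
  to_iso_with_offset(Time.iso8601(iso_string))
end

# Parse one syslog line into a hash whose :timestamp is already reformatted.
def parse_syslog_line(line, now: Time.now.utc)
  m = SYSLOG_RE.match(line)
  raise ArgumentError, "not a syslog line: #{line.inspect}" if m.nil?
  {
    timestamp: to_iso_with_offset(parse_syslog_time(m[:date], now: now)),
    host: m[:host],
    program: m[:program],
    pid: m[:pid],
    message: m[:message],
  }
end

if __FILE__ == $PROGRAM_NAME
  # "now" is fixed here so the output is reproducible.
  p parse_syslog_line(SAMPLE_LINE, now: Time.utc(2018, 3, 28, 22, 12, 37))
  puts reformat_timestamp("2018-03-18T19:50:42.000Z")
end
```

Inside a Logstash ruby filter the same two functions apply to the event instead of a hash: `event.get("@timestamp").time` is a Ruby Time (an assumption about the Logstash API; check it against the version you run), and `event.set("timestamp_str", to_iso_with_offset(...))` writes the "+0000" string into a field of its own, leaving @timestamp as a date. If the goal is only that queries and mappings line up across indexes, note that the index mapping's date format can list both patterns ("strict_date_optional_time" and "yyyy-MM-dd'T'HH:mm:ssZ"), which avoids reformatting at all.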