Converting a date input as a string into a new format

thadc · April 18, 2019, 3:15pm

Hello, I have a need to convert a field value for a log time stamp from its current ISO8601 into a format of yyyy.mm.dd hh.mm.ss on output. I have a filter similar to the following:

filter {
.
. (grok section to parse input omitted for clarity)
.
date {
match => ["logDateTime", "ISO8601"]
target => "logDateTimeAlias"
}
}

so this date filter properly isolates all the logDateTime values and properly assigns them to the target logDateTimeAlias on output. However, date does not have to way to convert the field value to another format and I cannot find a filter that does except of date_formatter which I cannot install the plugin for in my environment.

I would be grateful for any ideas on how to convert the format in the manner I am looking for. Thanks!

Badger · April 18, 2019, 4:29pm

You could do it in Ruby. This works, but doesn't feel quite right.

    ruby {
        code => '
            t = event.get("@timestamp")
            event.set("dateTime", Time.at(t.to_f).strftime("%Y.%m.%d %H.%M.%S"))
        '
    }

system · May 16, 2019, 4:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Converting ISO8601 to date Logstash	3	1475	June 22, 2018
Date filter issue String to ISO Timestamp Logstash	9	865	June 7, 2019
String to date time Logstash	10	843	July 6, 2017
How can I convert @timestamp from logstash to encoded format as YYYY-MM-DDThh:mm:ss.sss+/-hh:mm Logstash	12	553	November 25, 2022
Unable to change date format Logstash	4	329	March 1, 2022

Converting a date input as a string into a new format

Related topics