Converting ISO8601 to date

Boukhdhira · May 24, 2018, 2:02pm

Hi, i have a date converting problem. I have logs in this format:
2018-04-12T18:20:13+02:00
And I parse logs timestamp by grok as TIMESTAMP_ISO8601. And it works perfectly: log parses and fields adds. But i'm tring to extract date using 2 ways but it doesn't work.
i used the following config:

ruby {
			 code => event['[@metadata][date]'] = event['timestamp_log'].strftime('%Y.%m.%d')
    }

aloso i tried with :

date {
match => [ "timestamp_log", "ddMMYYYY" ]
}

magnusbaeck · May 24, 2018, 8:33pm

If you use a date filter on the field containing "2018-04-12T18:20:13+02:00" and use the target option to not overwrite the @timestamp field you'll end up with a field containing a timestamp value where strftime will work. Extracting a string with grok will just produce a string.

Boukhdhira · May 25, 2018, 8:47am

thanks for answering, i solve probleme using a ruby filter.

 ruby 	{
    		code => "
    		      date= event.get('timestamp_log');
   			      date= DateTime.strptime(date).to_time.localtime.strftime ('%Y%m%d');
  			     event.set('[@metadata][date]',date);
         			"
           	}

system · June 22, 2018, 8:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Converting date to ISO8601 Logstash	11	13902	July 6, 2017
Converting a date input as a string into a new format Logstash	2	1844	May 16, 2019
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27377	July 6, 2017
Date filter ISO 8601 Logstash	3	1404	September 11, 2018
Conver String to date (or replace @timestamp) (SOLVED) Logstash	13	20005	July 6, 2017

Converting ISO8601 to date

Related topics