Converting ISO8601 to date

Boukhdhira · May 24, 2018, 2:02pm

Hi, i have a date converting problem. I have logs in this format:
2018-04-12T18:20:13+02:00
And I parse logs timestamp by grok as TIMESTAMP_ISO8601. And it works perfectly: log parses and fields adds. But i'm tring to extract date using 2 ways but it doesn't work.
i used the following config:

ruby {
			 code => event['[@metadata][date]'] = event['timestamp_log'].strftime('%Y.%m.%d')
    }

aloso i tried with :

date {
match => [ "timestamp_log", "ddMMYYYY" ]
}

magnusbaeck · May 24, 2018, 8:33pm

If you use a date filter on the field containing "2018-04-12T18:20:13+02:00" and use the target option to not overwrite the @timestamp field you'll end up with a field containing a timestamp value where strftime will work. Extracting a string with grok will just produce a string.

Boukhdhira · May 25, 2018, 8:47am

thanks for answering, i solve probleme using a ruby filter.

 ruby 	{
    		code => "
    		      date= event.get('timestamp_log');
   			      date= DateTime.strptime(date).to_time.localtime.strftime ('%Y%m%d');
  			     event.set('[@metadata][date]',date);
         			"
           	}

system · June 22, 2018, 8:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Converting a date input as a string into a new format Logstash	2	1842	May 16, 2019
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27371	July 6, 2017
Conver String to date (or replace @timestamp) (SOLVED) Logstash	13	19996	July 6, 2017
Logstash custom DATE fields (extracted by regex or custom patterns) how to convert it to DATE field Elasticsearch	8	552	January 4, 2024
Best Method to Manipulate Date & TimeStamp Logstash	3	5553	November 15, 2018

Converting ISO8601 to date

Related Topics