Hi, i have a date converting problem. I have logs in this format:
2018-04-12T18:20:13+02:00
And I parse logs timestamp by grok as TIMESTAMP_ISO8601. And it works perfectly: log parses and fields adds. But i'm tring to extract date using 2 ways but it doesn't work.
i used the following config:
ruby { code => event['[@metadata][date]'] = event['timestamp_log'].strftime('%Y.%m.%d') }
aloso i tried with :
date {
match => [ "timestamp_log", "ddMMYYYY" ]
}
If you use a date filter on the field containing "2018-04-12T18:20:13+02:00" and use the target option to not overwrite the @timestamp field you'll end up with a field containing a timestamp value where strftime will work. Extracting a string with grok will just produce a string.
thanks for answering, i solve probleme using a ruby filter.
ruby {
code => "
date= event.get('timestamp_log');
date= DateTime.strptime(date).to_time.localtime.strftime ('%Y%m%d');
event.set('[@metadata][date]',date);
"
}This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.