Hi
I've a Time field in my log file which is a string type, i want that field to be date field.
#my logstash filter config file
kv{
value_split => "="
}
date {
match => ["Time","yyyy-MM-dd_HH:mm:ss.SSS"]
target => "time"
}
}
#A sample line of data in my log file
{"Metrics":"type=METER, name=systems.ellora.core.exception.UnhandledRuntimeMapper, count=0, mean_rate=0.0, m1=0.0, m5=0.0, m15=0.0, rate_unit=events/second, Time=2017-08-16_02:54:59.054"}
Any kind of help is appreciated.
There was a thread about this exact problem yesterday.
Thanks for your reply @magnusbaeck.
There's a doubt araised when i tried the example in elastic website.
When we use date logstash filter what is happening in behind it, whether it parses our input or converting our input to date type?
It doesnt seems to be converting the input, just parses in my perspective.
Correct me if im wrong.
Thanks in advance.
Logstash only sends JSON to Elasticsearch. How Elasticsearch interprets the contents of each field is up to how the mapping of each field have been configured. If no mapping exists for a field ES will usually let its automapper add a suitable mapping based on the field contents.
The field contents produced by the date filter will be recognized as a date by ES, but if the field already has been mapped as a string the field will remain a string.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.