Csv output date with mm/dd/yyyy hh:mm AM format

chetan_vartak · August 16, 2017, 6:42pm

Hi,

My input is elasticsearch and I want to output to csv.
A date field by default is outputted as - 2017-08-11T18:50:42.000-07:100.
I want it to output as 08/11/2017 06:50 PM

My current conf file -
input {
elasticsearch {
hosts => "localhost:9200"
index => "perfectorder"
query => '
{
"query": {
"bool": { "must": [ { "term": {"_type": "Order"} } ]
}
}
}'
}
}
}
output {
csv {
fields => ["[Order][EID]","[Order][Status]","[Order][ShipmentMethod]","[Order][ReleaseDate]","[Order][ShipDate]","[Order][DeliveryDate]","[Order][CycleTime]"]
path => "E:\ES\logstash-5.5.0\config\perfectorder.search.gci.sla.order_export.csv"
}
}

chetan_vartak · August 18, 2017, 8:09pm

I was able to get the desired result using ruby filter...
code sample -

filter {
  ruby { 
	code => "
	event.set('OrderTime', '')
	event.set('OrderDate', '')
	if event.get('[Order][OrderDate]') != nil
		splitOrderDate = event.get('[Order][OrderDate]').split('T')
		event.set('OrderTime',Time.parse(splitOrderDate[1][0..5]).strftime('%I:%M %p'))
		event.set('OrderDate',Date.parse(splitOrderDate[0]).strftime('%m/%d/%y'))
	end
		"	
} 
  mutate {
	add_field => { 
		"[Order][OrderDateTime]" => "%{OrderDate} %{OrderTime}" 
	}
	}
}

system · September 15, 2017, 8:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.