Date aaray in logstash csv file

Elastic Stack Logstash
1

i trying to upload csv file in logstash where i have dateaaray field .
my sample csv file -

d1,1,2017/09/27 10:00:00,2017/09/27 10:06:00,6,"2017/09/27 10:00:00,2017/09/27 10:01:00,2017/09/27 10:02:00,2017/09/27 10:03:00,2017/09/27 10:04:00,2017/09/27 10:05:00,2017/09/27 10:06:00"
d2,2,2017/09/27 10:38:00,2017/09/27 10:45:00,7,"2017/09/27 10:38:00,2017/09/27 10:39:00,2017/09/27 10:40:00,2017/09/27 10:41:00,2017/09/27 10:42:00,2017/09/27 10:43:00,2017/09/27 10:44:00,2017/09/27 10:45:00"
d3,3,2017/09/27 11:15:00,2017/09/27 11:22:00,7,"2017/09/27 11:15:00,2017/09/27 11:16:00,2017/09/27 11:17:00,2017/09/27 11:18:00,2017/09/27 11:19:00,2017/09/27 11:20:00,2017/09/27 11:21:00,2017/09/27 11:22:00"
d4,3,2017/09/28 10:00:00,2017/09/28 10:06:00,6,"2017/09/28 10:00:00,2017/09/28 10:01:00,2017/09/28 10:02:00,2017/09/28 10:03:00,2017/09/28 10:04:00,2017/09/28 10:05:00,2017/09/28 10:06:00"
d5,4,2017/09/28 10:38:00,2017/09/28 10:45:00,7,"2017/09/28 10:38:00,2017/09/28 10:39:00,2017/09/28 10:40:00,2017/09/28 10:41:00,2017/09/28 10:42:00,2017/09/28 10:43:00,2017/09/28 10:44:00,2017/09/28 10:45:00"
d6,5,2017/09/28 11:15:00,2017/09/28 11:22:00,7,"2017/09/28 11:15:00,2017/09/28 11:16:00,2017/09/28 11:17:00,2017/09/28 11:18:00,2017/09/28 11:19:00,2017/09/28 11:20:00,2017/09/28 11:21:00,2017/09/28 11:22:00"

and my config file -

input {
	file {
	path => "E:\Local_Elasticsearch\logstashv5\datetesting/*.csv"
	start_position => "beginning"
	sincedb_path => "/dev/null" 
	}
}

filter {
	csv {
		separator => ","
		columns  => ["name","uid","startdate","enddate","duration","datelist"]

	}
	mutate {convert =>[uid , "integer"]}
	mutate {convert =>[duration , "integer"]}
	
	  date {
      match => [ "startdate", "ISO8601", "YYYY/MM/dd HH:mm:ss","YYYY/MM/dd HH:mm" ]
      target => "startdate"
      locale => "en"
	  timezone => "Asia/Dubai"
    }
	
	  date {
      match => [ "enddate", "ISO8601", "YYYY/MM/dd HH:mm","YYYY/MM/dd HH:mm:s" ]
      target => "enddate"
      locale => "en"
	  timezone => "Asia/Dubai"
    }
	
	  date {
      match => [ "datelist", "ISO8601", "YYYY/MM/dd HH:mm","YYYY/MM/dd HH:mm:s" ]
      target => "datelist"
      locale => "en"
	  timezone => "Asia/Dubai"
    }
  }

output {
	elasticsearch {
		hosts => "localhost"
		index => "datelisti"
	}
	stdout{}

}

but in kibana datelist field is going as string , how can i have this field as date array field .

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.