Date Convert

graimato · August 17, 2021, 10:25am

Hello,
I created a pipeline to parse log file I want to parse datetime as follow

17/08/2021:12:14:50 +0200
Or
17/Aug/2021:12:14:50 +0200

I wrote pipeline

"patterns" : [
       "%{HTTPDATE:time}
....

   {
        "date" : {
          "field" : "time",
          "target_field" : "@timestamp",
          "formats" : [
              "dd/MM/yyyy:H:m:s Z || dd/MMM/yyyy:H:m:s Z"
          ],
          "timezone" : "Europe/Rome",
          "on_failure" : [
            {
              "append" : {
                "field" : "error.message",
                "value" : "{{_ingest.on_failure_message}}"
              }
            }
          ]
        }
      }

Everything works well when I use format

17/Aug/2021:12:14:50 +0200

but fails when I use

17/08/2021:12:14:50 +0200

Has someone solved it?

best regards

Felix_Roessel · August 17, 2021, 11:12am

You syntax for having two formats is wrong. Its an array. So you need to do it comma seperated in different Strings. ["format 1","format 2"]

graimato · August 17, 2021, 2:29pm

Thanks for your response

  {
        "date" : {
          "target_field" : "@timestamp",
          "formats" : [
            "dd/MM/yyyy:H:m:s Z",
            "dd/MMM/yyyy:H:m:s Z"
          ],
          "timezone" : "Europe/Rome",
          "on_failure" : [
            {
              "append" : {
                "field" : "error.message",
                "value" : "{{_ingest.on_failure_message}}"
              }
            }
          ],
          "field" : "time"
        }
      }

but also in this case works for

17/Aug/2021:12:14:50 +0200

and not works for

17/08/2021:12:14:50 +0200

graimato · August 31, 2021, 11:06am

I used ISO8601 and it works

system · September 28, 2021, 11:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.