Hello i am wondering to parse this date in logstash filter July 31st 2018, 09:28:01.000 but i am not able to find the way to match the st part. can anyone give me help?
I would use gsub to remove it.
mutate { gsub => [ "someField", "(^[^:space:]+ [0-9]+)(st|rd|th)", "\1" ] }
\1 refers to the first capture group, which is the first set of parentheses.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.