i have a string timestamp field in my log,i need to change the string to date format,
This is my sample log file:
{"LogMsg":"{"type":"GAUGE", "name":"io.dropwizard.jetty.MutableServletContextHandler.percent-4xx-15m", "value":0.3320844220109032,"Time":"2017-08-10_18:11:40.461"}"}
Filter:
date {
match => ["Time","dd MMM yyyy;HH:mm:ss.SSS"]
target => "Time"
}
After applying this date filter Time is not converted to date format.
Thanks and Regards,
E.Jones Thomas
The date pattern "dd MMM yyyy;HH:mm:ss.SSS" obviously doesn't match the actual time format "2017-08-10_18:11:40.461". You'll have to rearrange things a little bit. See the date filter documentation for details on what the various pieces of the date pattern mean.
Also, you are using a json codec or filter to process the input, right, so that there actually is a Time field to parse?
try this 
date {
match => ["Time","YYYY-MM-dd_HH:mm:ss.SSSS"]
target => "Time"
}i reindexed, tried again still in string field and _dateparsefailure is showing in kibana.
This is my Json-filter:
ilter {
json {
source => "message"
}
json {
source => "LogMsg"
}
date {
match => ["Time","YYYY-MM-dd_HH:mm:ss.SSSS"]
target => "Time"
}
}
Have you looked in the Logstash log for clues? When the date filter adds the _dateparsefailure tag it also logs a reason for it.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.