If date {} ‘s match method is used, and multiple formats are supplied to match against, what happens if more than one format matches? Does it just use the first match made, the last match made, or something else?
date {
match => [ "timestamp", "format1", "format2" ]
}
(Both format 1 and format 2 match.)
The patterns are tried in order and the first match wins.
Thank you, and especially for taking the time to get the code showing it.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.