Date format in elasticsearch

pecwich · March 10, 2016, 10:14am

While sending logs from logstash to elasticsearch, How can I specify my date within the logs to "date" format, rather than just a string?

warkolm · March 12, 2016, 2:24am

You should be groking your field in LS and then applying a date filter on it, that should work and it'll be standardised.
Otherwise setup a template that matches the field.

pecwich · March 14, 2016, 5:07am

Can you give an example of how can I apply the date filter?

For example, in my use case, the date format is like: 11 Mar 2016 02:15:46,853

Right now, I am using it like a string. I want it to be of date format which I can apply using either a template, or the date filter like you just said. How can I do that?

warkolm · March 14, 2016, 5:57am

https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html will get you sorted!

pecwich · March 14, 2016, 6:39am

I am parsing my logs using the date format, but it is not appearing as a field in the logstash output.

filter {
grok{
/* parsing of the entire log message */
}
date {
match => [ "logdate", "dd MMM YYYY HH:mm:ss,SSS" ]
}
}

pecwich · March 14, 2016, 7:18am

Can you let me know the solution to my specific problem, i.e. , the date format?