Date format with month's name

mlassnig · July 24, 2017, 2:28pm

Hello there!

I'm new to Elasticsearch, so please be patient.
I didn't find a solution for my issue, so i thought I might try here.

I use a Logstash pipeline to parse my logs to Elasticsearch. My date format looks like this:

28/Mar/2017:07:21:08 +0200

It's parsable using the grok %{HTTPDATE:timestamp} pattern but it's then saved as a string in Elasticsearch, meaning it is not aggregatable and thus useless in my case.
How can i make Elasticsearch save it as a date?
I tried using a mapping, but i didn't find any method of parsing it with the written month (e.g "Jan", "Feb", "Mar"...)

I hope somebody can help me, thanks in advance.
Kindest regards
Matthias

xavierfacq · July 24, 2017, 8:16pm

Hi,

First you can read this post: Invalid format of timestamp

Note that if you change the mapping you have to re-create an index with the new mapping.
Your date format will be something like that:

"dd/MMM/yyyy:HH:mm:ss Z"

bye,
Xavier

xavierfacq · July 24, 2017, 8:46pm

It may be bad, because I'm not able to parse a month with 3 letters in French, but it works in english...

OK

		DateTimeFormatter format = DateTimeFormat.forPattern("MMM");
		DateTime instance = format.withLocale(Locale.ENGLISH).parseDateTime("Oct");

KO

		DateTimeFormatter format = DateTimeFormat.forPattern("MMM");
		DateTime instance = format.withLocale(Locale.FRENCH).parseDateTime("Oct");

#SuperStrange...

system · August 21, 2017, 8:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mapping for 12h date format Elasticsearch	6	898	January 5, 2017
Convert monthname to monthnumber in logstash configuration file Logstash	2	2143	July 27, 2017
Grok date filter problem with french timestamp Logstash	5	388	October 10, 2022
Impossible format date Logstash	14	389	March 4, 2019
Date format in elasticsearch Elasticsearch	6	691	July 5, 2017

Date format with month's name

Related topics