Hi, I am trying to parse date to field @timestamp. My timestamp looks like below:
"Timestamp" : "11/20/2020 3:32:01 PM"
I tried:
date {
match => [ "Timestamp", "MM/dd/yyyy HH:mm:ss a" ]
remove_field => ["Timestamp"]
}
... or "MM/dd/yyyy KK:mm:ss a" or "MM/dd/yyyy KK:mm:ss aa" or ""MM/dd/yyyy hh:mm:ss a"...
Nothing work, log is not in Kibana or _dateparsefailure.
Would you know the solution? Thanks a lot!!
date { match => [ "Timestamp", "MM/dd/yyyy hh:mm:ss a" ] remove_field => ["Timestamp"] }
works for me
"@timestamp" => 2020-11-20T20:32:01.000Z
Do not use HH, since it will ignore the AM/PM if you tell it you have an hour in the range 0-23.
If the event is not visible in kibana check in elasticsearch directly. If it is not in elasticsearch then your problem is unrelated to the date filter.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.