omurad
(Omar)
July 20, 2021, 1:49pm
1
I'm looking to parse the following date using the "Date" ingest processor:
20/Jul/2021:07:28:46 --0400
I tried doing so using these formats:
dd/MMM/yyyy:HH:mm:ss -ZZZZZ
dd/MMM/yyyy:HH:mm:ss '-'ZZZZZ
However, I get the following error:
Text '20/Jul/2021:07:28:46 --0400' could not be parsed at index 22
What format can I use to parse the date/time string?
stephenb
(Stephen Brown)
July 20, 2021, 6:52pm
2
Try this... BTW, that is a poor / atypical time format in the string with the extra -
POST /_ingest/pipeline/_simulate
{
  "pipeline": {
    "description": "time test",
    "version": 0,
    "processors": [
      {
        "date": {
          "field": "mydate",
          "formats": ["dd/MMM/yyyy:HH:mm:ss -Z"]
        }
      }
    ]
  },
  "docs": [
    {
      "_index": "m-index",
      "_id": "kMpUTHoBr7SFhhL5-98P",
      "_source": {
        "mydate": "20/Jul/2021:07:28:46 --0400"
      }
    }
  ]
}
result
{
  "docs" : [
    {
      "doc" : {
        "_index" : "m-index",
        "_type" : "_doc",
        "_id" : "kMpUTHoBr7SFhhL5-98P",
        "_source" : {
          "mydate" : "20/Jul/2021:07:28:46 --0400",
          "@timestamp" : "2021-07-20T11:28:46.000Z"
        },
        "_ingest" : {
          "timestamp" : "2021-07-20T18:52:20.77606153Z"
        }
      }
    }
  ]
}
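Added example, not part of the thread: a Python check of the same conversion outside Elasticsearch, useful for validating timestamps before they reach the pipeline. It tries a list of formats in order, as the `formats` array in the pipeline above does; the function names, the second format and the `+0200` sample are assumptions made for this example.

```python
from datetime import datetime, timezone

# Tried in order. The first entry mirrors "dd/MMM/yyyy:HH:mm:ss -Z" from the
# pipeline above: a literal '-' followed by a signed offset, so "--0400" is
# read as the offset -0400. The second entry is an assumption of this example:
# it accepts lines that carry a plain signed offset without the stray '-'.
FORMATS = (
    "%d/%b/%Y:%H:%M:%S -%z",
    "%d/%b/%Y:%H:%M:%S %z",
)


def parse_modsec_time(text):
    """Return the timestamp as a timezone-aware UTC datetime.

    Raises ValueError when no format matches, so a malformed line is
    rejected instead of being indexed with a wrong time.
    """
    for fmt in FORMATS:
        try:
            parsed = datetime.strptime(text.strip(), fmt)
        except ValueError:
            continue
        return parsed.astimezone(timezone.utc)
    raise ValueError(f"unrecognised timestamp: {text!r}")


def to_es_timestamp(text):
    """Render the parsed time in the shape of the @timestamp shown above."""
    return parse_modsec_time(text).strftime("%Y-%m-%dT%H:%M:%S.000Z")


if __name__ == "__main__":
    # First value is the one from the thread; the second is constructed.
    for sample in ("20/Jul/2021:07:28:46 --0400", "20/Jul/2021:13:28:46 +0200"):
        print(sample, "->", to_es_timestamp(sample))
```

The month abbreviation is matched with `%b`, which depends on the process locale, so run it under an English or C locale.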
omurad
(Omar)
July 20, 2021, 7:09pm
3
Thank you!
Unfortunately the extra - is there by default in ModSecurity logs
stephenb
(Stephen Brown)
July 20, 2021, 9:36pm
4
@omurad
Thanks! I did not know that about the mod sec logs.