I am new to ELK and am playing around with some basic data sources to learn how to set things up properly. The current CSV file that I'm parsing has two date fields in it: Modified Date and Published Date. These fields are both in the format: 12/08/2017 at 19:21:13 (GMT-0600). I have tried to use the date filter and grok filter to parse this these two fields from strings to a usable date format, but neither appear to do anything. I've tested the grok filter at the debugger sites and everything seems fine, but the new fields are never created.
filter {
csv {
separator => ","
columns => ["qid","Title","Sub-Category","Category","CVE","Vendor","CVSS Base", "CVSS3 Base","Bugtraq ID","Modified Date","Published Date"]
}
grok {
match => {"Published Date" => "%{DATE:Published}"}
match => {"Modified Date" => "%{DATE:Modified}"}
}
}