Elasticstack 6.1
I am trying to parse the following field/date:
"EventTime":"2018-02-08 12:43:35.951854Z"
I have used:
filter {
date {
match => [ "EventTime", "yyyy-MM-dd HH:mm:ss:SSSZ" ]
}
}
filter {
date {
match => [ "EventTime", "ISO8106" ]
}
}
And they all return a _dateparsefailure
I am not sure how to get the date to parse correctly
match => [ "EventTime", "yyyy-MM-dd HH:mm:ss:SSSZ" ]
Have you tried SSSSSSS instead of SSS? Also, your date has a period between the seconds and microseconds, not a colon.
match => [ "EventTime", "ISO8106" ]
It's ISO8601.
This eventually worked
filter {
date {
match => ["EventTime", "yyyy-MM-dd HH:mm:ss.SSSSSSZ", "ISO8601" ]
}
}
ISO8601 itself didn't work
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.