Dealing with string date

AdamJade · February 25, 2020, 8:28am

Hi there
I have an issue with this log line:
[2020-02-19 09:42:01.514] [Value1] [value2] [value3] [Value5] [Value6] [Value7]
grok {
match => { "message" => "[%{TIMESTAMP_ISO8601:logDate}] [%{DATA:core}] [%{WORD:serveur}] [%{WORD:Categorie}] [%{WORD:Type}] [%{WORD:entry}] [%{WORD:importance}] [%{DATA:Classe}]" }
overwrite => [ "message" ]
}
date {
match => [ "logDate", "yyyy/MM/dd HH:mm:ss.SSS" ]
}
The logDate is in String type but i want to use it as @timestamp in elasticsearch.
How can'i get it work?
Thnaks for any help.

ITIC · February 25, 2020, 9:02am

Hi

Your date{} pattern ("yyyy/MM/dd HH:mm:ss.SSS") doesn't seem to match the content of logDate (2020-02-19 09:42:01.514), so your date{} filter is not working (https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html).

Hope this helps.

AdamJade · February 25, 2020, 10:06am

I update the date filter and i still have logDate as a string in elasticsearch.

match => [ "logDate", "yyyy-MM-dd HH:mm:ss.SSS" ]

Thanks for the help

ITIC · February 25, 2020, 10:22am

Hi

As you have seen in the documentation I linked, the default target for the date{} filter is @timestamp. You should add target => "logDate" to your date{} filter to change the default.

Hope this helps.

AdamJade · February 26, 2020, 8:24am

Great!!! many thank's it works as expected

Topic		Replies	Views
My timestamp can't get converted to a date type Logstash	8	4413	June 27, 2017
Parsing the date and sending to ElasticSearch Logstash	13	7984	May 26, 2017
Converting string to date Logstash	8	51213	July 6, 2017
Date formatting issue Logstash	2	452	July 6, 2017
String to Date, besides default system @timestamp Logstash	3	864	July 6, 2017

Dealing with string date

Related topics