Hi,
I have the following input in a "Date" field:
Date=2020.11.12
Currently, it's displaying as this in Kibana:
Date Nov 12, 2020 @ 00:00:00.000
I would like to display this as is in Kibana, i.e., Date: 2020.11.12. How do I do that? I want to use the yyyy.MM.dd format and without the timestamp. Can I modify the date field to do this?
This is what I have in the Index Template Mapping:
"Date": {
  "format": "strict_date_optional_time||epoch_millis||yyyy.MM.dd",
  "index": true,
  "ignore_malformed": false,
  "store": false,
  "type": "date",
  "doc_values": true
}
This is what I have in the logstash config file:
input {
  udp { port => 1001 id => "syslog_id" buffer_size => 196608 receive_buffer_bytes => 196608 }
}
filter {
  if [message] =~ /InbTxnType/ {
    mutate { add_tag => ["TRANSACTION", "SUMMARY"] }
    kv { trim_key => " " trim_value => " " source => "logMessage" value_split => "=" field_split => "," }
    date { match => ["Date","yyyy.MM.dd"] target => "Date" }
  }
}
output {
  if "SUMMARY" in [tags] {
    elasticsearch { hosts => ["elasticsearch-client:80"] index => "summary-transaction-%{+YYYY.MM}" }
  }
}
Matt,
We are using ELK 7.6.
Here are the screenshots. The InputDate.png is the one that's being sent to us from the application thru Load Balancer to Logstash. The OutpuDate.png is the one that's being displayed in Kibana.
Yes, I've done that. I've set the date format (yyyy.MM.dd) in the index pattern. Please see attached.
That's not a screenshot from the index pattern field format editor. I suspect it's an ingest-related screenshot. Try going to Stack Management -> Index Patterns and set the formatting there.