Extract datatime in log and convert in datatime field?

Nikolas1306 · October 19, 2022, 3:14pm

i ve this config in logstash

filter
{

grok {
   match => ["message", "%{TIMESTAMP_ISO8601:timestamp_message}"]
}


  date {
           match => ["timestamp_message","YYYY-MM-dd HH:mm:ss"]
           target => "@timestamp"
      } 
}

but in my kibana "timestamp_message" is not datetime filelds and is not have order

Badger · October 19, 2022, 9:57pm

Your [timestamp_message] field has milliseconds. Your date filter has to consume that. Try "YYYY-MM-dd HH:mm:ss,SSS".

Nikolas1306 · October 19, 2022, 11:06pm

hello i've resolved with


grok {
   match => ["message", "%{TIMESTAMP_ISO8601:logmessage}"]
 }


           
           date {
	         match => [ "logmessage", "ISO8601", "YYYY-MM-dd HH:mm:ss" ]
	         target => "logdate"
	        
        }

system · November 16, 2022, 11:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok filter TIMESTAMP_ISO8601 appears in Kibana as String Logstash	4	1653	January 11, 2021
Is there a way to match Timestamps with the time in the message of the log Logstash	10	394	August 26, 2020
Unable to parse datetime from log message Logstash	5	959	February 21, 2019
Date filter in logstash.conf not parsing the date while grok parses it by timestamp_iso8601 Logstash	21	27371	July 6, 2017
Converting time into @timestamp Logstash	9	2069	July 6, 2017

Extract datatime in log and convert in datatime field?

Related Topics