Hi
I have date & time filed in the log as below, which I have parsed to a filed in the logstash.
11-12-2015 10:00:00,301
However I want the date only in 2015-12-11 (YYYY-MM-DD) format into a variable, say event date in logstash.
How Can I extract the date and convert into YYYY-MM-DD (or reverse the string) and store into a variable.
If you want to parse it into a complete timestamp use the date filter, otherwise use the grok filter to extract each component of the date into temporary fields and a mutate filter to put them back together in the desired order. Something like this:
grok {
match => ["name-of-field", "^%{MONTHNUM:month}-%{MONTHDAY:day}-%{YEAR:year}"]
}
mutate {
add_field => {
"event_time" => "%{year}-%{month}-%{day}"
}
remove_field => ["year", "month", "day"]
}
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.