Failed multiple date fields parsing

cilzzz · January 4, 2018, 1:50pm

Hi i have a logfile which contains mutiple date fields and i need to parse 3 date fields

in my logstash config file i've wrote :

date {
                  match => ["Starting_Time", "yy-MM-dd HH:mm:ss"]
                  timezone => "Europe/Paris"
                  target => "@timestamp"
              }


date {
                  match => ["start_rxdate", "yy-MM-dd"]
                  timezone => "Europe/Paris"
                  target => "start_rxdate"
      }


date {
                  match => ["start_rxtime", "HH:mm:ss"]
                  timezone => "Europe/Paris"
                  target => "start_rxtime"
      }

hte only date that worked is the one who has the @timestamp as a target

can someone help

thank you!

guyboertje · January 4, 2018, 2:52pm

Why do you need to convert start_rxdate and start_rxtime to Time object instances?

They will be converted back to strings when serialising to ES - except they will have the missing component (time or date) added.
e.g.
if start_rxdate is "18-01-03", you get "2018-01-02T23:00:00.000Z" when serialized.
if start_rxtime is "11:12:13" (today being the 4th of Jan), you get "2018-01-04T12:12:13.000Z" when serialized.

I think you want to join start_rxdate and start_rxtime to a new field called say start_rxts and then use the date filter on that.

cilzzz · January 5, 2018, 8:54am

thank you actually it worked the way i did it it needed time to make the changes, i need the two field separated because i need to sketch on kibana start_rxtime (y axis) and start_rxdate (x axis)

system · February 2, 2018, 8:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.