Getting two values in one key in kv filter

Elastic Stack Logstash
1

Greetings Everyone! :slight_smile:

I have attached my output.

forum
forum.png1366ร—768 179 KB

I have got two Timestamps in my Log file , both of different format .

Please help me with the code so that I can achieve either of the following :

  1. To eliminate one value and parse it using date filter .
  2. To parse both the values and target the filtered values to @timestamp so that I can visualize in order to create Dashboard.
2

Well, we don't know the origin of the two timestamps so we can't give any advice about which of them should be kept. Just don't try to make @timestamp an array of timestamps.

1 Like
3

Okay ,Thanks.
I will only keep one of the values of the timestamp array

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.