Getting two values in one key in kv filter

Sakshi_Aggarwal · July 11, 2018, 12:02pm

Greetings Everyone!

I have attached my output.

I have got two Timestamps in my Log file , both of different format .

Please help me with the code so that I can achieve either of the following :

To eliminate one value and parse it using date filter .
To parse both the values and target the filtered values to @timestamp so that I can visualize in order to create Dashboard.

magnusbaeck · July 11, 2018, 12:13pm

Well, we don't know the origin of the two timestamps so we can't give any advice about which of them should be kept. Just don't try to make @timestamp an array of timestamps.

Sakshi_Aggarwal · July 12, 2018, 6:44am

Okay ,Thanks.
I will only keep one of the values of the timestamp array

Topic		Replies	Views
Logstash KV plugin, convert string values to timestamp Logstash	12	2073	October 11, 2017
How to parse two timestamp fields from one single log line message Logstash	7	452	November 7, 2021
Logstash KV filter time field Logstash elastic-stack-monitoring , elastic-stack-security	6	543	August 17, 2021
Kv filter for solving key value pair type of situation and avoiding some values in between Logstash	3	367	July 4, 2018
Reference key from kv filter to use in date filter Logstash	6	399	April 5, 2019

Getting two values in one key in kv filter

Related topics