I need to pick the time from a file and use that for @timestamp. The format of time in file is below
2018-08-30 00:01:23|abc|xy777777
match => ["message","%{TIMESTAMP_ISO8601:time}|..........]
}
date {
match => [ "time" , "ISO8601" ]
}
Doesn't work.
also tried
date {
match => [ "time" , "yyyy-MM-dd HH:mm:ss" ]
}What does an example event produced by Logstash look like? Copy/paste from Kibana's JSON tab or use a stdout { codec => rubydebug } output.
Hi,
I use below
output {
elasticsearch {
index => "x-%{+YYYY.MM.dd}"
hosts => ["localhost:9200"]
}
For the first case, it gives below
"time": "2018-08-29 00:04:40",
"@timestamp": "2018-09-21T19:58:11.545Z",
When I use
date {
match => [ "time" , "yyyy-MM-dd HH:mm:ss" ]
}
I receive the response below for input file data having 2018-08-29 00:06:52
"time": "2018-08-29 00:06:52",
"@timestamp": "2018-08-29T04:06:52.000Z",
If your timezone is UTC-4 then things are working fine. @timestamp is always UTC.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.