How to change date format in logstash?

reillye · December 3, 2020, 3:22pm

My raw data comes in epoch format e.g. 430201865. I can parse this to UNIX using the date filter in logstash like so

date {
  match => ["time", "UNIX"]
  target => "timestamp"
  remove_field => ["time"]
}

This produces the date in a format like so: 1983-08-20T20:50:10.000Z, but I have a format on my Elasticsearch template for my index like so uuuu-MM-dd HH:mm:ss Z. This results in an error when parsing the date, as it does not match the format we are expecting.

Is there a way for me to convert the my date into the format I am expecting?

Badger · December 3, 2020, 4:16pm

Use a ruby filter and strftime.

system · December 31, 2020, 4:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to change date format in logstash Logstash	2	275	July 30, 2021
Change date format need help Logstash	15	13768	July 6, 2017
Date filter in logstash Logstash	7	844	February 13, 2022
Parsing date format error Logstash	3	761	October 24, 2018
Date conversion with Logstash Logstash	5	429	May 20, 2022

How to change date format in logstash?

Related Topics