How to change date format in logstash?

reillye · December 3, 2020, 3:22pm

My raw data comes in epoch format e.g. 430201865. I can parse this to UNIX using the date filter in logstash like so

date {
  match => ["time", "UNIX"]
  target => "timestamp"
  remove_field => ["time"]
}

This produces the date in a format like so: 1983-08-20T20:50:10.000Z, but I have a format on my Elasticsearch template for my index like so uuuu-MM-dd HH:mm:ss Z. This results in an error when parsing the date, as it does not match the format we are expecting.

Is there a way for me to convert the my date into the format I am expecting?

Badger · December 3, 2020, 4:16pm

Use a ruby filter and strftime.

system · December 31, 2020, 4:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to change date format in logstash Logstash	2	275	July 30, 2021
Converting date format in logstash Logstash	3	1829	July 23, 2018
Change date format need help Logstash	15	13768	July 6, 2017
Date filter in logstash Logstash	7	845	February 13, 2022
Date format in elasticsearch Elasticsearch	6	691	July 5, 2017

How to change date format in logstash?

Related topics