How to change the date structure to YYYY:MM:DD

subash_k · May 31, 2023, 11:08am

Hi,
I tried multiple way to change the date event into YYYY:MMM:DD as log_date. below format is actual date event (2023-05-31 10:30:50,244).
I tried manual string concatenation even though am getting type as timestamp resulted as (2023-05-31 00:00:00.000) not as 2023-05-31.
Thoughts ?
TIA

Rios · May 31, 2023, 11:15am

Use ISO8601 instead of YYYY:MMM:DD

subash_k · May 31, 2023, 11:26am

Hello @Rios ,
I tried below snippet

ruby {
  code => 'event.set("log_dates", event.get("date").gsub(/(\d{4}-\d{2}-\d{2}).*/, "\\1"))'
}


  ruby {
    code => '
      date_parts = event.get("date").split(" ")[0].split("-")
      event.set("year", date_parts[0])
      event.set("month", date_parts[1])
      event.set("day", date_parts[2])
      modified_date = "#{date_parts[0]}-#{date_parts[1]}-#{date_parts[2]}"
      event.set("modified_Date", modified_date)
    '
  }

mutate {
    convert => {
      "modified_Date" => "string"
    }
  }

input date event : 2023-05-31 10:30:48,841
Both log_dates and modified_Date returning like this -> 2023-05-31 00:00:00.000

leandrojmp · May 31, 2023, 12:23pm

Where are you getting this result? It is in Logstash or in Elasticsearch? You didn't specify.

Elasticsearch per default will try to recognize a date if you do not have a explictily mapping for your index, and all date strings in Elasticsearch also needs a time, if the time is not provided it will be considered as 00:00 UTC.

If you want a date in Elasticsearch to looks like just YYYY-MM-DD you need to map this field as a string in your mapping before indexing anything.

subash_k · May 31, 2023, 12:57pm

I tried converting to string for event modified_Date that's also not working.
While checking with logstash log am able to see 2023-05-31 but while checking in table (Index ) it's resulting as 2023-05-31 00:00:00.000

leandrojmp · May 31, 2023, 1:18pm

As I said in the previous answer, if you are seeing this in Elasticsearch you need to fix the mapping, it doesn't matter if you convert it to string or not in Logstash or if does not have a time, if you do not have a map for this field Elasticsearch will detect it as a date and will add the time.

You need to fix the mapping in Elasticsearch.

system · June 28, 2023, 1:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Conver String to date (or replace @timestamp) (SOLVED) Logstash	13	19996	July 6, 2017
Change Date format from yyyy-MM-dd hh:mm:ss to yyyy-MM-dd Logstash	4	1672	January 30, 2019
Convert Date String Into Date Format Logstash	111	13575	September 16, 2019
Converting a date input as a string into a new format Logstash	2	1842	May 16, 2019
Unable to change date format Logstash	4	329	March 1, 2022

How to change the date structure to YYYY:MM:DD

Related Topics