I need to combine two fields , one of which contains a date field and the other an hour field into a timestamp .
For example, the Date field : "01OCT17" i.e. 1'st of OCT 2017. The Hour field is a numeric value from 0-23.
The Date field is called ObsDate and the hour field is called ObsDate. These fields are found in each csv input line.
I would like to combine them into something like 01/Oct/2017 03:00:00
Any ideas would be great
The Date field is called ObsDate and the hour field is called ObsDate.
Assuming there's a typo in this sentence and that they're really in different fields:
mutate {
add_field => {
"timestamp" => "%{ObsDate} %{ObsHour}"
}
}
You'll probably want to delete the two fields that were combined (which you can do with a remove_field option in the same filter).
Use a date filter to parse the string into a timestamp that'll get recognized as such by Elasticsearch.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.