How to create a date and hour field into a timestamp

pgervais · November 18, 2017, 12:21am

I need to combine two fields , one of which contains a date field and the other an hour field into a timestamp .
For example, the Date field : "01OCT17" i.e. 1'st of OCT 2017. The Hour field is a numeric value from 0-23.
The Date field is called ObsDate and the hour field is called ObsDate. These fields are found in each csv input line.

I would like to combine them into something like 01/Oct/2017 03:00:00
Any ideas would be great

magnusbaeck · November 21, 2017, 6:25am

The Date field is called ObsDate and the hour field is called ObsDate.

Assuming there's a typo in this sentence and that they're really in different fields:

mutate {
  add_field => {
    "timestamp" => "%{ObsDate} %{ObsHour}"
  }
}

You'll probably want to delete the two fields that were combined (which you can do with a remove_field option in the same filter).

Use a date filter to parse the string into a timestamp that'll get recognized as such by Elasticsearch.

system · December 19, 2017, 6:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Indexing date from a field with two entries Logstash	3	637	July 6, 2017
Conversion two string to date Logstash	4	326	July 11, 2018
Dateparsefailure on time field Logstash	4	242	October 6, 2020
Extract Hour and Day from @timestamp Logstash	8	2727	November 19, 2019
Convert field containing a timestamp from string to a date / time or timestamp? Logstash	48	6622	April 6, 2021

How to create a date and hour field into a timestamp

Related topics