How to get date parsing target as a date, not string

Hello,
I need to parse Field1 as a date. I use the date filter, but when I specify target, I get the target as a string, not a date (by default the timestamp is the target, but this is not what I need).

date {
  match => ["Field1", "dd/MM/yyyy HH:mm:ss", "dd/MM/yyyy HH:mm:ss", "ISO8601"]
  target => "Field1"
}

Where? If you use output { stdout { codec => rubydebug } } is it a date? If you are sending events to elasticsearch and initially sent [Field1] as a string and then added a date filter then any documents arriving at elasticsearch with [Field1] as a date will have it converted to a string until you roll over to a new index, at which point it will start being a date (assuming you have date detection enabled, which is on by default).

Yes, in the ruby output it is formatted as a date:
"Field1" => 2022-10-20T15:49:13.352Z
But in Kibana it is noted as a string.

OK, so it is being converted back to a string when it is indexed in elasticsearch. Check the mapping of the index. You will need to change the mapping, which requires you to reindex the data.
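The mapping check and reindex described in the last reply, as an added example that is not part of the original thread. The index names `logs-old` and `logs-new` and the sample mapping are constructed, and the combined date format assumes that documents indexed before the date filter was added still hold the raw `dd/MM/yyyy HH:mm:ss` string.

```python
import json

# Constructed sample of a `GET logs-old/_mapping` response (index name is hypothetical).
SAMPLE_MAPPING = {
    "logs-old": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "Field1": {"type": "text",
                   "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}},
    }}}
}

def field_type(mapping_response, index, field):
    """Return the mapped type of a top-level field, or None if it is unmapped."""
    props = mapping_response[index]["mappings"].get("properties", {})
    spec = props.get(field)
    if spec is None:
        return None
    # Object fields carry "properties" and no explicit "type".
    return spec.get("type", "object")

def reindex_plan(mapping_response, src, dest, field):
    """Build the requests that give `field` a date mapping in a new index."""
    if field_type(mapping_response, src, field) == "date":
        return []  # already mapped as a date, nothing to do
    # Keep every existing property and override only the one field.
    props = dict(mapping_response[src]["mappings"].get("properties", {}))
    props[field] = {
        "type": "date",
        # Accept the ISO8601 value Logstash sends after the date filter, and
        # (assumption) the raw pattern still stored in older documents.
        "format": "strict_date_optional_time||dd/MM/yyyy HH:mm:ss",
    }
    return [
        ("PUT", f"/{dest}", {"mappings": {"properties": props}}),
        ("POST", "/_reindex", {"source": {"index": src}, "dest": {"index": dest}}),
    ]

def as_console(plan):
    """Render the plan in Kibana Dev Tools console syntax."""
    return "\n\n".join(f"{m} {p}\n{json.dumps(b, indent=2)}" for m, p, b in plan)

if __name__ == "__main__":
    print(as_console(reindex_plan(SAMPLE_MAPPING, "logs-old", "logs-new", "Field1")))
```

The printed requests can be pasted into Kibana Dev Tools; the Kibana data view needs a field refresh afterwards to pick up the new type.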
