Hello,
I need to parse Field1 as date . I use date filter but when i specify target , i get target as string not date ( by default the timestamp is the target but this is not my need).
date {
match => ["Field1", "dd/MM/yyyy HH:mm:ss", "dd/MM/yyyy HH:mm:ss", "ISO8601"]
target => "Field1"
}
Where? If you use output { stdout { codec => rubydebug } } is it a date? If you are sending events to elasticsearch and initially sent [Field1] as a string and then added a date filter then any documents arriving at elasticsearch with [Field1] as a date will have it converted to a string until you roll over to a new index, at which point it will start being a date (assuming you have date detection enabled, which is on by default).
yes in ruby output it is formated as date:
"Field1" => 2022-10-20T15:49:13.352Z
But in Kibana it is noted as string.
OK, so it is being converted back to a string when it is indexed in elasticsearch. Check the mapping of the index. You will need to change the mapping, which requires you to reindex the data.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.