I have server logs data of one of the field date as 12/04/2018 11:00:55 -0000 but I am not able to load this data directly even after defining the field mapping as
PUT new-swati-2019.04.24
{
"mappings": {
"doc": {
"properties": {
"request_date": {
"type": "date",
"format": "dd/MMM/yyyy:HH:mm:ss ZZZZ"
}
}
}
}
}
Via filebeat, I guess it's not possible but can we check via logstash configuration ?? or how can we do this?
Please suggest
Hey,
try this
DELETE foo
PUT foo
{
"mappings": {
"properties": {
"date": {
"type": "date",
"format": "dd/MM/yyyy HH:mm:ss Z"
}
}
}
}
PUT foo/_doc/1
{
"date" : "12/04/2018 11:00:55 -0000"
}
GET foo/_search
{
"query": {
"range": {
"date": {
"gte": "2018-04-12",
"format": "strict_date_optional_time"
}
}
}
}
Note, this assumes you are using Elasticsearch 7.0.
--Alex
@spinscale Thanks Alex for your reply..
But I am using 6.7.0 kibana version.
Could you please help me on this accordingly.
try
DELETE foo
PUT foo
{
"mappings": {
"_doc": {
"properties": {
"date": {
"type": "date",
"format": "dd/MM/yyyy HH:mm:ss Z"
}
}
}
}
}
PUT foo/_doc/1?refresh
{
"date" : "12/04/2018 11:00:55 -0000"
}
GET foo/_search
{
"query": {
"range": {
"date": {
"gte": "2018-04-12",
"format": "strict_date_optional_time"
}
}
}
}
@spinscale Thanks it worked
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.