Hi all.
I parse a csv with date and time events. These events has no syslogtime. They are separated in to date and time.
How can I merge date and time to the @timestamp?
I tried some samples with "mutate" and "date" I had found in the forum but without success.
Thats my "rubydebug"
"StartTime" => "18:32:27",
"StartDate" => "16.05.2018",
"@timestamp" => 2018-05-19T00:06:28.173Z,"
Kind regards - Jiona
mutate { add_field => { "[@metadata][ts]" => "%{StartDate} %{StartTime}" } }
date { match => [ "[@metadata][ts]", "dd.MM.YYYY HH:mm:ss" ] }Hello Badger.
I'm sorry for my late response (was in holiday).
Your suggestion is the right way, but the time in @timestamp is two hours before. Do you have a solution for that, or can you show me where I can find detailed information about "metadata" and there options?
"StartTime" => "18:32:27",
"StartDate" => "16.05.2018",
"@timestamp" => 2018-05-16T16:32:27.000Z,
Kind regards - Jiona
@timestamp is always UTC. If your logs are not in UTC then specify the timezone option on the date filter.
Thank's. I will be back soon.
In "Kibana => Management => Advanced Settings => dateFormat" the time zone will default recognized by the browser - or can changed to the required Joda.org time zone page.
For me, I do not need to change the timezone.
Thats the "rubydebug" output:
"@timestamp" => 2018-05-16T16:32:27.000Z,
"CallId" => "206522"
"StartTime" => "18:32:27",
"StartDate" => "16.05.2018",
Thats from Kibana output:
@timestamp May 16th 2018, 18:32:27.000
CallId 206522
StartDate 16.05.2018
StartTime 18:32:u5272:
@Badger - Thanks for your support.
Kind regards - Jiona
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.