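filter {
  # Turn the raw comma-separated line into an array:
  #   hostname,metricname,2018-11-28T19:21:12,value
  # split takes a hash of field => separator.
  mutate {
    split => { "message" => "," }
  }

  # Copy the array elements into named fields. This lives in its own mutate
  # block so it clearly runs after the split above: operations inside a single
  # mutate run in a fixed internal order (convert comes before split), not in
  # the order they are written.
  # Nested field references use the bracket form %{[field][index]}.
  mutate {
    add_field => {
      "Hostname"         => "%{[message][0]}"
      "Metric-Name"      => "%{[message][1]}"
      "Metric_timestamp" => "%{[message][2]}"
      "Metric-value"     => "%{[message][3]}"
    }
  }

  # Metric_timestamp must stay a string such as 2018-11-28T19:21:12. Converting
  # it to an integer (as the earlier version attempted) cannot represent an
  # ISO8601 value and leaves nothing for the date filter to parse.
  # The date filter parses the string and writes the result to @timestamp;
  # Metric_timestamp itself remains a string field on the event.
  # timezone is applied because the sample value carries no UTC offset.
  # Events whose timestamp fails to parse are tagged _dateparsefailure by
  # default; check for that tag to confirm @timestamp is the event time and
  # not the ingestion time.
  date {
    match    => ["Metric_timestamp", "ISO8601"]
    timezone => "America/New_York"
    target   => "@timestamp"
  }
}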
I am using the above format, but it is not working. My data is in a text file, in the format below:
hostname,metricname,2018-11-28T19:21:12,value.
I am getting the "Metric_timestamp" field as a string. I need either this timestamp in date format, or @timestamp replaced with it.