I need to concatenate two fields, one from date and the other from time, and send to Elasticsearch 4.6.4

Dear,

I need to concatenate two fields to send to Elasticsearch 4.6.4, one field is of date and the other field is time and that field is mapped automatically.

Example of a txt file:

0;0;0;0;0;ENTRADA;;;;;;09/06/2014;06:18:55.234;XXXX;XXXX;
0;0;0;0;0;ENTRADA;;;;;;09/06/2014;06:18:55.284;XXXX;XXXX;

I want to concatenate the date + time field (09/06/2014;06:18:55.234).

Could you please edit your question and ask in english?

Yes.

Great.

Note that Elasticsearch 4.6.4 does not exist. I assume you meant 6.4.x.

Have a look at ingest pipelines. That helps to modify the source document before it gets indexed.

Maybe this processor would help in your case? https://www.elastic.co/guide/en/elasticsearch/reference/6.5/set-processor.html

I need the join of the two fields to be the current time (timestamp).

Yes. That's what I understood. And exactly what I proposed I believe.

I am using this configuration in .conf

filter {
  csv {
    separator => ";"
    columns => ["1","2","3","4","5","6","7","8","9","10","11","Data","Hora","14"]
  }
  mutate {
    add_field => {
      "Data2" => "%{Data} %{Hora}"
    }
  }
}

This is logstash then. Ok. Does it work?

It partially works.

I need these two fields to be sent with the date type.

Either change the mapping in elasticsearch and set the format. See Date field type | Elasticsearch Guide [8.11] | Elastic

Or send dates with this format (and they will get automatically detected): 2015-01-01T12:10:30Z. Something like %{Data}T%{Hora}.

Or use a date filter in addition to this. See Date filter plugin | Logstash Reference [8.11] | Elastic

HTH
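
The third option from the reply above (a date filter after the mutate), written out as an added example that is not part of the original posts. It assumes the sample dates are day/month/year and that the source clock is in America/Sao_Paulo; both are assumptions to adjust.

```logstash
filter {
  csv {
    separator => ";"
    columns => ["1","2","3","4","5","6","7","8","9","10","11","Data","Hora","14"]
  }

  # Join date and time into one string, e.g. "09/06/2014 06:18:55.234"
  mutate {
    add_field => { "Data2" => "%{Data} %{Hora}" }
  }

  # Parse the joined string and store the result as the event timestamp,
  # which Elasticsearch maps as a date.
  date {
    match          => ["Data2", "dd/MM/yyyy HH:mm:ss.SSS"]  # assumption: day/month/year order
    timezone       => "America/Sao_Paulo"                    # assumption: zone of the source clock
    target         => "@timestamp"
    tag_on_failure => ["_dateparsefailure"]
  }

  # Keep the helper field on events that failed to parse so they can be inspected.
  if "_dateparsefailure" not in [tags] {
    mutate { remove_field => ["Data2"] }
  }
}
```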
