Hi,
I'm trying to study ELK and I have a little problem with date management. I would like to show data of a hotel with guests: date of checkin (checkin date yyyy-mm-dd), name of guest (name), room booked (room) and palace (building) of room.
Based on the dates inside an Option List, I would like to change the results, but I get an error.
The pipeline is:
{
  "description": "Ingest pipeline created by text structure finder",
  "processors": [
    {
      "csv": {
        "field": "message",
        "target_fields": [
          "checkin",
          "name",
          "room",
          "build"
        ],
        "separator": ";",
        "ignore_missing": false
      }
    },
    {
      "date": {
        "field": "checkin",
        "timezone": "{{ event.timezone }}",
        "formats": [
          "ISO8601"
        ]
      }
    },
    {
      "convert": {
        "field": "room",
        "type": "long",
        "ignore_missing": true
      }
    },
    {
      "remove": {
        "field": "message"
      }
    }
  ]
}
The index Mapping:
{
  "properties": {
    "@timestamp": {
      "type": "date"
    },
    "build": {
      "type": "keyword"
    },
    "checkin": {
      "type": "date",
      "format": "iso8601"
    },
    "name": {
      "type": "keyword"
    },
    "room": {
      "type": "long"
    }
  }
}
The CSV with data:
checkin;name;room;build
2021-01-01;James;21;A
2021-01-01;Edgar;21;A
2021-07-03;Mary;11;C
2021-12-31;Angel;9;F
2021-12-31;Rose;8;F
2022-01-12;Bill;13;D
A screen about the error ( [esaggs] > EsError ):
Could you please help me?