Hello,
I have a dataset containing a datetime representation like this MM/01/yyyy 24:00 instead of MM/02/yyyy 00:00 or MM/01/yyyy 23:59
So the end of the day is represented as 24:00 and therefore not recognized by Elastcisearch/Kibana as the @timestamp (which is desired).
How can I change it accordingly?
Thanks in advance!
If you are parsing it with a date filter one option would be to mutate+gsub 24:00 to 23:59 before the date filter, and optionally use a ruby filter conditional upon the presense of 24:00 in the original field to add 60 seconds to the resulting date (using code similar to this).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.