Hello,
I have a dataset containing a datetime representation like this MM/01/yyyy 24:00 instead of MM/02/yyyy 00:00 or MM/01/yyyy 23:59
So the end of the day is represented as 24:00 and therefore not recognized by Elastcisearch/Kibana as the @timestamp (which is desired).
How can I change it accordingly?
Thanks in advance!
If you are parsing it with a date filter one option would be to mutate+gsub 24:00 to 23:59 before the date filter, and optionally use a ruby filter conditional upon the presense of 24:00 in the original field to add 60 seconds to the resulting date (using code similar to this).
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.