Logstash Error

Badger · May 4, 2022, 3:07am

ERROR: Unknown command 'â€“f' looks very similar to this. Do you have –f instead of -f?

Akhil2:

	mutate {
		add_field => { "DOB" => "%{BIRTHDATE}" }
	}
	
	#	Process the birthdate as DOB. Convert the birthdate into a date value. 
	date {
		match => [ "DOB", "yyyyMMdd"]
		target => "DOB"
	}

	# remove all fields we dont need anymore. 
	mutate { 
		remove_field => [ "BIRTHDATE" ]
	}

That will work, but I would suggest

date {
	match => [ "BIRTHDATE", "yyyyMMdd"]
	target => "DOB"
	remove_field => [ "BIRTHDATE" ]
}

That will leave the [BIRTHDATE] field intact if a date filter is unable to parse it. So if someone sends you dodgy data you will be able to see what is wrong with it.