Trying to replace the timestamp (interval_start_date_time) retrieved from DB2 to the logstash time stamp. Referred other similar threads but didn't help and finally here.
Output without using Date filter:
{
"@timestamp": "2017-05-02T21:42:12.035Z",
"@version": "1",
"interval_start_date_time": "2014-12-05T18:28:40.000Z"
}
Added below Date filter:
filter {
date {
match => ["INTERVAL_START_DATE_TIME", "yyyy-MM-dd'T'HH:mm:ss.SSSZ"] #timezone => "America/Chicago"
tag_on_failure => [ _baddate]
target => "@timestamp"
}
}
Output below after adding Date Filter ( in which @timestamp is not replaced):
{
"@timestamp": "2017-05-02T21:47:27.714Z",
"@version": "1",
"interval_start_date_time": "2014-12-05T18:28:40.000Z"
}
Thanks for the response. I have the field with same case in Input SQL Query as well as the Filter plugin. The Logstash prints the fields in lower-cases irrespective of the cases in input and filter plugins.
We had identified the root cause of the issue and that is due to the input Select query pulls the field in a date format but the filter plugin expects in string format. After modifying the SQL Query to pull the Date field as String through DB2 Date Format conversion, it works fine now and the Logstash @Timestamp is replaced by the DB2 TimeStamp.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.