Logstash parsing date into JSON

Frederic_Gaerel · December 10, 2018, 5:06pm

Hi. this problem seems solved for some but I still have it....

Sample data in log file :
{"TIMESTAMP":"2018-12-10 11:28:20.753","USER":"username (AIX)","ACTION":"SEARCH_SITE","CALLING_METHOD":"postRechercheSites","FILTRE":"{organisation=ALL, code_depot=, code_tracking=, activite_rattachement=ALL, code_activite=AGE, trigramme=, statut=ACT, code_postal=, critere_date=ALL, date=}"}

My conf file :
input {
file {
path => "/etc/logstash/log/RefTechnical.log"
start_position => "beginning"
}
}

filter {
json {
source => "message"
}
date {
match => [ "[message][TIMESTAMP]" , "yyyy-MM-dd HH:mm:ss.SSS" ]
}
date {
match => [ "TIMESTAMP" , "yyyy-MM-dd HH:mm:ss.SSS" ]
target => "MY_TIMESTAMP2"
}
}

output {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "myindexname"
}
stdout {
codec => rubydebug
}
}

my problem
TIMESTAMP inside JSON is still TEXT and never converted to date...

thanks for help...

Frederic_Gaerel · December 11, 2018, 11:05am

Auto closed.
PEBKAC...

Topic		Replies	Views
How to read JSON file using logstash and convert String date format to Date time format Logstash	6	5499	November 9, 2017
JSON date conversion Logstash	6	5062	January 12, 2017
Logstash filter for json is not using jason file date Logstash	1	404	February 6, 2018
Date filter not working with json log Logstash	3	1544	January 4, 2019
Json date is not parsing to @timestamp Logstash	5	2128	May 21, 2020

Logstash parsing date into JSON

Related topics