I am using a json input to filter some data and sent it to elasticsearch;
sample document from input json file:
{"preview":false,"offset":0,"result":{"@timestamp":"2016-11-30T21:59:43.000Z","@version":"1","_raw":"{ ..}}
I want my corresponding elasticsearch event to have the exact same timestamp as above;
However the following :
date {
match => [ "[result][@timestamp]", "yyyy-MM-ddTHH:mm:ss.000Z" ]
tag_on_failure => ["no_date_match"]
}
yields
Exception", :message=>"Illegal pattern component: T"
Have also tried: "yyyy-MM-dd HH:mm:ss.000Z
but then I just get match failure.
Which pattern should I use?