So I'm stuck with a problem here: I have some log files with unstructured data.
I parse them using Logstash (grok filter). The problem is I want to display them in the same order as in the log file (ordered by their own timestamp, not the timestamp they were parsed at).
In order to do this I need to sort them based on the field "Dates" (a field created using grok to extract the date part).
Sorting them requires that this "Dates" field be of date type and not string type.
How can I parse the new log files using the grok filter and have the "Dates" field be a date type?
I have read the documentation about the date in JSON files and how to reindex, yet they don't seem to make it clearer. Here is a sample of the log data:
Jan 21 14:00:05.590 OPCM35AVCS207 VCS: [0x00000fd8] Sending CS_CALLACCEPTED for CallID 0x2643c6f14f74035d to: VoIP Connection Server: 861
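
An added example, not part of the original post: a Logstash filter that extracts the timestamp from the sample line into "Dates" with grok and then converts it from a string to a real timestamp with the date filter. The field names `host_name`, `component`, `bracket_id` and `log_message` are hypothetical, and the grok pattern assumes every line has the same layout as the sample.

```logstash
filter {
  # Split the line; SYSLOGTIMESTAMP matches "Jan 21 14:00:05.590",
  # including the fractional seconds.
  grok {
    match => {
      "message" => "^%{SYSLOGTIMESTAMP:Dates} %{NOTSPACE:host_name} %{WORD:component}: \[%{DATA:bracket_id}\] %{GREEDYDATA:log_message}$"
    }
  }

  # Parse the extracted string into a timestamp. The second pattern
  # covers single-digit days, which syslog-style stamps pad with an
  # extra space ("Jan  5 ...").
  date {
    match  => ["Dates", "MMM dd HH:mm:ss.SSS", "MMM  d HH:mm:ss.SSS"]
    # Overwrite "Dates" with the parsed value. Omitting "target"
    # writes the event time to @timestamp instead.
    target => "Dates"
  }
}
```

The sample line carries no year or time zone, so the date filter has to assume them; set its `timezone` option if the logs were not written in the Logstash host's zone. An index where "Dates" is already mapped as a string keeps that mapping, so the date type only takes effect in a new index or after a reindex.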