Hi,
I have the input with 2 date format in same column of csv file.
3-Mar-18 and Mar-18
below is the config file I created.
--
date {
match => ["rdate", "d-MMM-yy"]
target => "rdate"
}
date {
match => ["rdate", "MMM-yy"]
target => "rdate"
}
mutate{
convert => { "count" => "integer" }
}
--
but Date is not pharseing for 2nd format i.e.. "Mar-18"
"tags" => [
[0] "_dateparsefailure"
Please help...!!!
I have to assign both date format to a single target.
So your CSV looks like this?
somedata;3-Mar-18
otherdata;Mar-18
moredata;3-Mar-18
Then your rdate result at the end should be right and the tag is justified, isn't it? I mean, one of the two filters would have to fail because either the first one is successful and the second is trying to parse a date time object which it cannot parse or the first one doesn't find the right date format and the second one gets it right?
When I try out your configuration, I get "rdate" => 2018-03-02T23:00:00.000Z and "rdate" => 2018-02-28T23:00:00.000Z. (March was UTC+1 for where I live, so I guess that makes sense).
If you do not want to get that tag, you will probably have to check the date format with a regex first.
if([rdate] =~ /^\d{1,2}-[a-zA-Z]{3}-\d{2}$/) {
...
}
According to https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html#plugins-filters-date-match, you should be able to combine the two date filters into one like this:
date {
match => [ "rdate", "d-MMM-yy", "MMM-yy" ]
target => "rdate"
}
This will then perform the conversion on either format that it finds the field in.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.