I have a field called event_timestamp with format Thu Dec 09 15:02:66 IST 2021
I want to parse this format to default elastic acceptable format
I use date filter as below
date{
match => ["event_timestamp","EEE MMM dd HH:mm:ss zzz yyyy"]
}
what else I have to do still I am getting could not get index to Elasticsearch due to date field ca not parse error is there
hi Mangesh,
this should do it
date { match => ["event_timestamp", "EEE MMM dd HH:mm:ss 'IST' yyyy"]
target => "event_timestamp" }
your output will be "2021-04-18T09:17:24.000Z" -> which is 5 hour difference. which is UTC time.
The date filter does not parse named zone, you should change your match to the one shared in the previous answer.
date { match => ["event_timestamp", "EEE MMM dd HH:mm:ss 'IST' yyyy"] }
Also, you will need to specify your timezone to the filter and you can't use named timezone as well because they can be ambigous, in your case, IST can mean 3 completely different timezones, as explained in this another question
You will need something like this:
date {
match => ["event_timestamp", "EEE MMM dd HH:mm:ss 'IST' yyyy"]
timezone => "Asia/Kolkata"
}
Assuming that by IST, you mean India Standard Time, so you should use Asia/Kolkata as the timezone.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.