Parsing log date into timestamp

phung025 · January 11, 2022, 4:36am

In the JSON-format logs sent from filebeat to logstash, I have a field named "time". In the logstash.conf, I mutate it to create a field in the kibana log called rawDate

logstash.conf:

mutate {
    add_field => {"rawDate" => "%{[parsed_json][time]}"}
}

Now the log on Kibana has 2 fields that look like this:

@timestamp Jan 11, 2022 @ 11:09:46.817
rawDate Mon Jan 10 2022 23:09:32 GMT-0500 (Eastern Standard Time)

I'm trying to parse the rawData to replace the @timestamp but couldn't figure out how to do it. Inside the logstash.conf, I tried to add this but it didn't work:

date {
    match => ["time", "EEE MMM dd yyyy HH:mm:ss ZZZ"]
    target => "@timestamp"
}

Badger · January 11, 2022, 1:31pm

ZZZ matches the ids listed on the Joda TZ page. You will need to modify the string before trying to parse it.

    mutate { add_field => { "rawDate" => "Mon Jan 10 2022 23:09:32 GMT-0500 (Eastern Standard Time)" } }
    mutate { gsub => [ "rawDate", " \(Eastern \w+ Time\)", "", "rawDate", "GMT", "Etc/GMT", "rawDate", "-0(\d)00", "-\1" ] }
    date { match => ["rawDate", "EEE MMM dd yyyy HH:mm:ss ZZZ"] }

system · February 8, 2022, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parse logfile date into Kibana's timestamp Logstash	18	4381	May 10, 2017
Parse date from @timestamp Logstash	3	66	June 19, 2024
How to parse date field into @timestamp Logstash	18	35064	December 12, 2017
Replace @timestamp with actual timestamp from log file Logstash	16	96228	February 16, 2017
Logstash changing date received from filebeat Logstash	4	543	July 30, 2018

Parsing log date into timestamp

Related Topics