I have a date in specific form, its as follows;
"MyDate" => "[20, 12, 17, 14, 31, 28, 2, 4]", which is supposed to be 20/12/17 14:31 24ms
What is the best way to format this in Logstash?
I believe I can use a match, but how to combine the last 2, 4 to create 24ms?
date {
match => [
"MyDate", "dd, MM, yy, HH, mm, ss, S, S"
]
}
Maybe use grok to change it to "MyDate" => "[20, 12, 17, 14, 31, 28, 24]" and then use date on that field?
Depending on what a date with (say) 8ms in it looks like (do you get [20, 12, 17, 14, 31, 28, 0, 8] ?) you could build a parseable date field using
mutate { add_field => { "date" => "%{[MyDate][0]}/%{[MyDate][1]}/%{[MyDate][2]} %{[MyDate][3]}:%{[MyDate][4]}:%{[MyDate][5]}.%{[MyDate][6]}%{[MyDate][7]}" } }
Yes, your are correct, I would get [20, 12, 17, 14, 31, 28, 0, 8]
I tried your suggestion but get something like this in output:
"date" => "%{[MyDate][0]}/%{[MyDate][1]}/%{[MyDate][2]} %{[MyDate][3]}:%{[MyDate][4]}:%{[MyDate][5]}.%{[MyDate][6]}%{[MyDate][7]}"
Any suggestions?
That indicates that you do not have an array called MyDate, which is what I thought you were saying you had. Can you dump a message into "output { stdout { codec => rubydebug } }" so that we can see what the incoming data looks like?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.