Regarding grok Date Time

In my Oracle DB, I have a timestamp like this: "createdDate" => 2022-04-02T17:00:44.339Z
But in my Elasticsearch index, I have createdDate as "createdDate": "2022-04-02T17:00:44Z"
How can we change the format in the Logstash configuration?

I tried using the grok filter below. Not resolved. Could you please suggest?

grok {
  match => {
    "created_date" => "%{GREEDYDATA:createdDate}.%{GREEDYDATA:time1}"
  }
}

Thanks,
Suresh.

Hello @suresh_u

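You can try this below, which would work.

filter {
  mutate {
    # Escape the dot so that only the literal ".339" fraction is removed;
    # an unescaped "." matches any character.
    gsub => ["createdDate", "\.\d{3}", ""]
  }
}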
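An added example, not part of the thread: mutate's gsub patterns are Ruby regular expressions, so plain Ruby can show how a pattern for stripping the fractional seconds behaves on values like the one in the question. The sample values are constructed, and the names `LOOSE`, `STRICT`, `strip_fraction` and `reformat_seconds` are hypothetical.

```ruby
require "time"

# Constructed sample values (not taken from a real index).
SAMPLES = [
  "2022-04-02T17:00:44.339Z",     # the shape of the value in the question
  "2022-04-02T17:00:44Z",         # already at second precision
  "2022-04-02T17:00:44.339123Z"   # microsecond precision
].freeze

# Unescaped dot: "." matches any character, so "2022"
# (one character followed by three digits) matches as well.
LOOSE = /.\d{3}/

# Escaped dot, any number of fractional digits, and only
# directly before the trailing "Z" at the end of the string.
STRICT = /\.\d+(?=Z\z)/

# Same operation gsub performs: replace every match with "".
def strip_fraction(value, pattern)
  value.gsub(pattern, "")
end

# Alternative without a regex: parse the ISO 8601 value and
# format it again at second precision. Raises ArgumentError
# on input that is not a valid timestamp.
def reformat_seconds(value)
  Time.iso8601(value).utc.strftime("%Y-%m-%dT%H:%M:%SZ")
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts format("%-30s loose=%-22s strict=%-22s parsed=%s",
                s, strip_fraction(s, LOOSE),
                strip_fraction(s, STRICT), reformat_seconds(s))
  end
end
```

The loose pattern also eats the year, while the anchored pattern leaves values without a fraction untouched and handles longer fractions.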

Thank you so much for your quick solution. @sudhagar_ramesh
