Hi, I want to convert a String-type field to a Date-type field, while keeping the system's auto-generated @timestamp. An example log line is below.
Any ideas, please?
Mar 1 00:02:14 eqx-astockweb1 adobestock[59746]: {"app_id":"as","geid":"21f40b51fa215f7996321baa868c6ab7","etid":"purchase","ev":1,"date":"2015-12-31 23:02:14","mt":1451602934.82,"ip":"73.207.248.121","asui":"aea8fe2f3f4d5bf1b0fc6da3f6793a2a","session_id":"0a024232eda44fa9c6bfd5c95e59ed06","member_id":25241916,"is_buyer":true,"url":"https://stock.adobe.com/Order/Overage","locale":"en_US","purchase":{"source":"web","type_id":2,"sao":"70FE4517564739AC0A744C6B","order_number":"AD019052392","content_id":98060092,"delegate_guid":null,"sku":null}}
My current conf:
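# Read the sample log file and emit one event per line.
input {
  file {
    path => "/Users/yangyan/Desktop/log_file/test.log"
    # "beginning" only applies to files the file input has not seen before. Once a
    # read position is recorded in the sincedb, a restart resumes from there and
    # earlier lines are not re-read.
    start_position => "beginning"
    type => "json"
    # Every line starts with a syslog prefix ("Mar 1 00:02:14 host prog[pid]:"), so
    # the line as a whole is not JSON and a json codec here can only fail and tag
    # the event _jsonparsefailure. Read the line as plain text; the grok and json
    # filters extract and parse the JSON payload.
    codec => plain
  }
}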
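# Strip the syslog prefix, parse the JSON payload, flatten selected purchase.*
# fields, convert "date" to a timestamp, then keep only the whitelisted fields.
filter {
  # SYSLOGBASE consumes the "Mar 1 00:02:14 host prog[pid]:" prefix; the rest of
  # the line (the JSON document) replaces "message". Lines that do not match are
  # tagged _grokparsefailure.
  grok {
    match => { "message" => "%{SYSLOGBASE} %{GREEDYDATA:message}" }
    overwrite => [ "message" ]
  }
  # Expand the JSON text in "message" into top-level event fields
  # (app_id, date, member_id, purchase, ...).
  json {
    source => "message"
  }
  # Lift the nested purchase.* values that are kept to top-level names, because
  # prune below only looks at top-level field names.
  mutate {
    rename => { "[purchase][source]" => "p_source" }
    rename => { "[purchase][type_id]" => "p_typeId" }
    rename => { "[purchase][content_id]" => "p_contentId" }
  }
  # Parse the string in "date" and write the result back into "date". Because the
  # target is not @timestamp, the event's own @timestamp is left unchanged. The
  # value is interpreted as Europe/Dublin local time. A value matching neither
  # pattern is tagged _dateparsefailure and stays a string.
  # NOTE(review): reported as not working. If the event printed by stdout shows a
  # converted "date" but Elasticsearch still reports a string, check whether the
  # index already has a string mapping for "date" from an earlier run - confirm.
  date {
    match => ["date", "YYYY-MM-dd HH:mm:ss", "ISO8601" ]
    timezone => "Europe/Dublin"
    target => "date"
  }
  # whitelist_names entries are regular expressions matched against top-level
  # field names, so each one is anchored to keep exactly the intended field.
  # Everything else (ip, session_id, asui, url, the raw message, ...) is dropped
  # before the event reaches any output.
  # "tags" is kept so that _grokparsefailure / _jsonparsefailure /
  # _dateparsefailure stay visible on the event instead of being pruned away.
  prune {
    whitelist_names => [ "^@timestamp$", "^app_id$", "^member_id$", "^locale$", "^date$", "^p_source$", "^p_typeId$", "^p_contentId$", "^tags$" ]
  }
}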
# Send each filtered event to the local Elasticsearch node and echo it to the console.
output {
  # No user, password or TLS options are set, so this relies on the node accepting
  # unauthenticated connections on localhost.
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  # rubydebug prints the whole event structure, which is useful for checking the
  # fields as they look after filtering.
  stdout {
    codec => rubydebug
  }
}