My log pattern is as
|other|test|test1|20160808134300
i have chopped these pipe separated value in different fields and have fields like
field0 = other
field1 = test
field2 = test1
field3 = 20160808134300
field3 is time stamp of log 2016 08 08 13 43 00 I want to convert this field into date and time .
Use the date filter.
yeah I have gone for same I wrote this
date {
match => [ "field3", "MMM dd YYYY HH:mm:ss" ]
}
But I didn't find any change and some where I read that date accept array as input.
match => [ "field3", "MMM dd YYYY HH:mm:ss" ]
But that date pattern clearly doesn't match the contents of field3.
so I need to write this ?
date {
match => [ "field3", "YYYYMMddHHmmss" ]
}Why don't you try it out?
I tried
match => [ "field3", "YYYYMMddHHmmss" ]
but not working
What's the error message in the log? The date filter always logs parse errors.
There is no error message in logs.
Please show an example of an event as produced by a stdout { codec => rubydebug } output.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.