String to date type

groowy · July 5, 2019, 12:04pm

Hi,
I want to change my test_log_time field type from String to date and when I start Logstash it shows it's okay but Kibana still shows String even if I refresh the page.
my config file:

input {
beats {
port => "5044"
}
}
filter {
if "asd123" in [tags] {
dissect {
mapping => {
message => '%{log_timestamp} %{+log_timestamp} %{s-ip} %{cs-method} %{cs-uri-stem} %{cs-uri-query} %{s-port} %{cs-username} %{c-ip} %{cs-user-agent} %{cs-referer} %{response} %{sc-substatus} %{sc-win32-status} %{time-taken}'
}
}
}
else if "apache" in [tags] {
dissect {
mapping => {
message => '%{}"%{}":"%{clientip} %{} %{} [%{timestamp}] "%{verb} %{request} %{}" %{response} %{bytes}%{}","%{}":"%{}","%{}":"%{}"%{}'
}
}
}
else if "test" in [tags] {
dissect {
mapping => {
message => '%{test_log_time} %{+test_log_time} %{packet_persec} %{diff}'
}
}
date {
match => ["test_log_time","yyyy-MM-dd HH:mm:ss"]
}
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
user => ----------
password => ---------
}
stdout { codec => rubydebug }
}

my example log:

2019-05-23 10:22:24 702281827 905

Badger · July 5, 2019, 3:27pm

This will parse the value of test_log_time and store the resulting Logstash::TimeStamp in @timestamp. If you want to overwrite test_log_time then specify the target option to the date filter.

groowy · July 9, 2019, 6:49am

Thank you, it works!

system · August 6, 2019, 6:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Convert string to date in logstash config file Logstash	4	3052	July 6, 2017
How to change data type for date field? Logstash	5	16734	July 6, 2017
Converting string(Time) field to date field...! Logstash	5	1081	September 14, 2017
Convert String to Date Elasticsearch	1	251	August 12, 2021
How to convert field date from String to Date? Logstash	13	9017	April 20, 2020

String to date type

Related Topics