String to date type

groowy · July 5, 2019, 12:04pm

Hi,
I want to change my test_log_time field type from String to date and when I start Logstash it shows it's okay but Kibana still shows String even if I refresh the page.
my config file:

input {
beats {
port => "5044"
}
}
filter {
if "asd123" in [tags] {
dissect {
mapping => {
message => '%{log_timestamp} %{+log_timestamp} %{s-ip} %{cs-method} %{cs-uri-stem} %{cs-uri-query} %{s-port} %{cs-username} %{c-ip} %{cs-user-agent} %{cs-referer} %{response} %{sc-substatus} %{sc-win32-status} %{time-taken}'
}
}
}
else if "apache" in [tags] {
dissect {
mapping => {
message => '%{}"%{}":"%{clientip} %{} %{} [%{timestamp}] "%{verb} %{request} %{}" %{response} %{bytes}%{}","%{}":"%{}","%{}":"%{}"%{}'
}
}
}
else if "test" in [tags] {
dissect {
mapping => {
message => '%{test_log_time} %{+test_log_time} %{packet_persec} %{diff}'
}
}
date {
match => ["test_log_time","yyyy-MM-dd HH:mm:ss"]
}
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
user => ----------
password => ---------
}
stdout { codec => rubydebug }
}

my example log:

2019-05-23 10:22:24 702281827 905

Badger · July 5, 2019, 3:27pm

This will parse the value of test_log_time and store the resulting Logstash::TimeStamp in @timestamp. If you want to overwrite test_log_time then specify the target option to the date filter.

groowy · July 9, 2019, 6:49am

Thank you, it works!

Topic		Replies	Views
Logstash : Time Field Logstash	10	2570	February 5, 2018
How to convert time typestring into date type Logstash	15	887	December 24, 2018
String to Date, besides default system @timestamp Logstash	3	864	July 6, 2017
My timestamp can't get converted to a date type Logstash	8	4406	June 27, 2017
Convert string to date in logstash config file Logstash	4	3098	July 6, 2017

String to date type

Related topics