String to date type

groowy · July 5, 2019, 12:04pm

Hi,
I want to change my test_log_time field type from String to date and when I start Logstash it shows it's okay but Kibana still shows String even if I refresh the page.
my config file:

input {
beats {
port => "5044"
}
}
filter {
if "asd123" in [tags] {
dissect {
mapping => {
message => '%{log_timestamp} %{+log_timestamp} %{s-ip} %{cs-method} %{cs-uri-stem} %{cs-uri-query} %{s-port} %{cs-username} %{c-ip} %{cs-user-agent} %{cs-referer} %{response} %{sc-substatus} %{sc-win32-status} %{time-taken}'
}
}
}
else if "apache" in [tags] {
dissect {
mapping => {
message => '%{}"%{}":"%{clientip} %{} %{} [%{timestamp}] "%{verb} %{request} %{}" %{response} %{bytes}%{}","%{}":"%{}","%{}":"%{}"%{}'
}
}
}
else if "test" in [tags] {
dissect {
mapping => {
message => '%{test_log_time} %{+test_log_time} %{packet_persec} %{diff}'
}
}
date {
match => ["test_log_time","yyyy-MM-dd HH:mm:ss"]
}
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
user => ----------
password => ---------
}
stdout { codec => rubydebug }
}

my example log:

2019-05-23 10:22:24 702281827 905

Badger · July 5, 2019, 3:27pm

This will parse the value of test_log_time and store the resulting Logstash::TimeStamp in @timestamp. If you want to overwrite test_log_time then specify the target option to the date filter.

groowy · July 9, 2019, 6:49am

Thank you, it works!

system · August 6, 2019, 6:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Convert string to date in logstash config file Logstash	4	3052	July 6, 2017
Changing the datatype of Date Filter in Logstash ,doesn't change the datatype in Kibana Logstash	18	2907	August 10, 2017
Convert date from string to datetime format Logstash	4	5348	January 18, 2018
How to change data type for date field? Logstash	5	16740	July 6, 2017
Converting string(Time) field to date field...! Logstash	5	1083	September 14, 2017

String to date type

Related topics