Time pattern recognized as string


(Surya) #1

Hi,

I am new to ELK concepts and need help with the TIME pattern. The value from the input is in HH:mi:ss format (00:01:05), and in Elasticsearch it is recognized as a string.
Can Elasticsearch be forced to recognize this as a date or time format so that I can use this field for aggregations?
I want to use this field's values to create a table with max, min and avg values.

Logstash entry:

    if [type] == "testing_pattern" {
      grok {
        patterns_dir => ".\software\patterns"
        match => {"message" => ["%{TIME:time_test}"]}
      }
      date {
        match => [ "time_test", "HH:mm:ss" ]
        #timezone => "UTC"
      }
    }

Please let me know if you need any further details.

